Arch Linux

rouen-sk

Member

Registered: 2025-10-13

Posts: 4

mkinitcpio - how to switch to systemd on encrypted root?

Hi guys,
so yesterday I updated my system, and noticed in mkinitcpio.conf.pacnew, that defaults have been changed to use systemd based initial ramdisk now.
So I looked at wiki, and it seems the change should be pretty straightforward, there are even examples for encrypted root in mkinitcpio.conf itself.
So, I changed my previous:

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)

to

HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck)

regenerated initramfs (sudo mkinitcpio -p linux) and rebooted... aaaand got this

For now, I booted from usb, cryptsetup open, mount, arch-chroot, reverted changes in mkinitcpio.conf and regenerated initramfs, rebooted - and I am running again, so this is not "help ASAP pls" post, but I would like to learn what is the problem and how to correctly switch to systemd based initial ramdisk. I have LUKS2 encrypted disk with BTRFS. Not using LVM. Root is set in /etc/default/grub like this:

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=771679b5-0ac2-4cc7-a25e-a4e570d29f9a:root root=/dev/mapper/root"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=771679b5-0ac2-4cc7-a25e-a4e570d29f9a:root root=/dev/mapper/root"

Thanks!

EDIT: Looking at Wiki, it seems there is different kernel parameter syntax for sd-encrypt.
So in /etc/default/grub I should replace

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=771679b5-0ac2-4cc7-a25e-a4e570d29f9a:root root=/dev/mapper/root"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=771679b5-0ac2-4cc7-a25e-a4e570d29f9a:root root=/dev/mapper/root"

with

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet rd.luks.name=771679b5-0ac2-4cc7-a25e-a4e570d29f9a=root root=/dev/mapper/root"
GRUB_CMDLINE_LINUX="rd.luks.name=771679b5-0ac2-4cc7-a25e-a4e570d29f9a=root root=/dev/mapper/root"

Is that the only thing I missed, or something else maybe? (Not feeling like doing another usb-boot-revert round just now

Last edited by rouen-sk (2025-11-06 09:09:36)

frostschutz

Member

Registered: 2013-11-15

Posts: 1,585

Re: mkinitcpio - how to switch to systemd on encrypted root?

One way to find out but that should be pretty much it.

Of course after editing default/grub you still have to regenerate the actual grub cfg or it won't change anything.

agapito

Member

From: Who cares.

Registered: 2008-11-13

Posts: 702

Re: mkinitcpio - how to switch to systemd on encrypted root?

Yes, you need:

rd.luks.name=771679b5-0ac2-4cc7-a25e-a4e570d29f9a=root

and then, you can remove:

root=/dev/mapper/root

---

Excuse my poor English.

broken pipe

Member

Registered: 2010-12-10

Posts: 247

Re: mkinitcpio - how to switch to systemd on encrypted root?

I'm using systemd-boot and changed the following files. However, the boot process hangs, “there is a background process running for /dev/mapper/root.”
I recreated the images using mkinitcpio -P, did i miss anything else?

mkinitcpio.conf

MODULES=()
BINARIES=()
FILES=()
HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap block sd-encrypt filesystems fsck)

/boot/loader/entries/linux-zen.conf

title   Arch Linux (linux-zen)
linux   /vmlinuz-linux-zen
initrd  /initramfs-linux-zen.img
options rd.luks.name=c4ba2d3c-acf5-41f2-817f-728c24f7788b=root root=/dev/mapper/root zswap.enabled=0 rw rootfstype=ext4

frostschutz

Member

Registered: 2013-11-15

Posts: 1,585

Re: mkinitcpio - how to switch to systemd on encrypted root?

Double check the UUID. Must be the UUID as shown by cryptsetup luksDump

broken pipe

Member

Registered: 2010-12-10

Posts: 247

Re: mkinitcpio - how to switch to systemd on encrypted root?

Double check the UUID. Must be the UUID as shown by cryptsetup luksDump

It's the same UUID as before, but

 cryptsetup luksDump /dev/nvme0n1p2 

(root device), shows a complete different UUID. Do i need this?

edit: I solved it, it's the UUID not the PARTUUID! It's working now! Bonus: kwalletmanager is now unlocked by the same passphrase with the sddm inherit mechanism ... noice

Last edited by broken pipe (2025-11-06 18:22:02)

antivalenz

Member

Registered: 2023-05-04

Posts: 3

Re: mkinitcpio - how to switch to systemd on encrypted root?

Thanks for the thread and the helpful advice everybody! I encountered the same error that you mentioned, broken pipe. In my case (using systemd-boot as bootloader), I had simply forgotten to reinstall the bootloader with "bootctl install". For anyone else who comes across this thread - perhaps this information is useful.

Last edited by antivalenz (2025-11-06 18:44:52)

Saroumane

Member

Registered: 2023-12-25

Posts: 17

Re: mkinitcpio - how to switch to systemd on encrypted root?

@rouen-sk :
Did you notice any "real" benefits thanks to the switch to systemd ? (apart from the sddm / wallet unlocking written above)
Shorter boot times ?

I'm a bit afraid of this change because my grub commandline is different, I use "rootflags". I'd like to not be the 1st to verify if it's still working...

GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/xxxxxxxxxx:system:allow-discards rootflags=subvol=@archroot"

Last edited by Saroumane (2025-11-08 18:52:16)

espritlibre

Member

Registered: 2022-12-15

Posts: 136

Re: mkinitcpio - how to switch to systemd on encrypted root?

i'm a bit lost on this one... how do i properly apply the mkinitcpio change? my setup is luks encrypted root/boot with lvm and grub.
my current config:

HOOKS=(base udev autodetect microcode keyboard keymap modconf block encrypt lvm2 filesystems fsck plymouth)

GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 lsm=landlock,yama,apparmor,integrity,bpf nvidia_drm.modeset=1 nvidia_drm.fbdev=1 initcall_blacklist=simpledrm_platform_driver_init intel_iommu=on iommu=pt ipv6.disable=1 loglevel=3 audit=1 audit_backlog_limit=8192 nowatchdog module_blacklist=iTCO_wdt,iTCO_vendor_support panic=45 splash"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:cryptlvm cryptkey=rootfs:/root/cryptlvm.keyfile"

should i change it to:

HOOKS=(base systemd autodetect microcode keyboard sd-vconsole modconf block encrypt lvm2 filesystems fsck plymouth)

GRUB_CMDLINE_LINUX="rd.luks.name=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:cryptlvm cryptkey=rootfs:/root/cryptlvm.keyfile"

i don't want to try it out under the week, in case i have to chroot inside the system. maybe i'll just try it out on the weekend...
thanks in advance

Last edited by espritlibre (2025-11-16 00:41:46)

rouen-sk

Member

Registered: 2025-10-13

Posts: 4

Re: mkinitcpio - how to switch to systemd on encrypted root?

@rouen-sk :
Did you notice any "real" benefits thanks to the switch to systemd ? (apart from the sddm / wallet unlocking written above)
Shorter boot times ?

I'm a bit afraid of this change because my grub commandline is different, I use "rootflags". I'd like to not be the 1st to verify if it's still working...

GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/xxxxxxxxxx:system:allow-discards rootflags=subvol=@archroot"

Not really, but I did not expect shorter boot times or anything like that.
I updated, because maintainers clearly think systemd based initramfs is better default now. Who am I to argue and accumulate technical debt over time? I am on rolling distro, so I will roll with it
Cannot speak for rootflags, I did what I described in EDIT to my post, and it works. Good luck tho!

boarim

Member

Registered: 2022-05-28

Posts: 20

Website

Re: mkinitcpio - how to switch to systemd on encrypted root?

I switched yesterday (I had a similar setup than the OP with similar problem to transition, but thanks to this post, everything works as expected now). I noticed a slightly faster boot time, because the decryption process is faster.

---

Simplicity is the ultimate sophistication. — Leonardo da Vinci (1452–1519)

Saroumane

Member

Registered: 2023-12-25

Posts: 17

Re: mkinitcpio - how to switch to systemd on encrypted root?

In my case the CMDLINE I used in grub config was :

GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/xxxxxxxxxx:system:allow-discards rootflags=subvol=@archroot"

and became :

GRUB_CMDLINE_LINUX="rd.luks.name=UUID=system rootflags=subvol=@archroot"

But something "broke" in mkinitcpio.conf HOOKS.
I had :

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont numlock block filesystems fsck encrypt)

Now I have :

HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole numlock block sd-encrypt filesystems fsck)

"numlock" hook as no more effect : it's no more active when I have to type the password to unlock the root partition.

This lost feature is confirmed here (Pinned comment) : https://aur.archlinux.org/packages/mkinitcpio-numlock

espritlibre

Member

Registered: 2022-12-15

Posts: 136

Re: mkinitcpio - how to switch to systemd on encrypted root?

if anyone is running full disk encryption with lvm on luks and use a keyfile for the 2nd password prompt for the init... this is how i switched from busybox to systemd init

before:

HOOKS=(base udev autodetect microcode keyboard keymap modconf block encrypt lvm2 filesystems fsck plymouth)

GRUB_CMDLINE_LINUX="cryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:cryptlvm cryptkey=rootfs:/path/to/cryptlvm.keyfile"

after:

HOOKS=(base systemd autodetect microcode keyboard sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck plymouth)

GRUB_CMDLINE_LINUX="rd.luks.name=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=cryptlvm rd.luks.key=/path/to/cryptlvm.keyfile"

the run grub-mkconfig... and mkinitcpio -P

maybe this will help someone..

Last edited by espritlibre (2025-11-16 00:58:26)

ecognito

Member

Registered: 2009-05-30

Posts: 24

Re: mkinitcpio - how to switch to systemd on encrypted root?

I tried changing my hooks like from:

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems resume fsck)

to:

HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)

And got it hanging during boot at:

A start job is running for /dev/mapper/root (Xmin Ys / no limit)

No prompt to enter the passphrase or anything. Just the incrementing timer.

I initially used efibootmgr for boot management (as I've documented here) and there didn't seem to be anything needing a tweak like it does with Grub.

MonolithImmortal

Member

From: Atlanta, GA

Registered: 2011-01-29

Posts: 12

Re: mkinitcpio - how to switch to systemd on encrypted root?

Thanks for the thread and the helpful advice everybody! I encountered the same error that you mentioned, broken pipe. In my case (using systemd-boot as bootloader), I had simply forgotten to reinstall the bootloader with "bootctl install". For anyone else who comes across this thread - perhaps this information is useful.

You know what, I had a similar issue with Limine, when I get around to trying to get this configured again I'm going to try running limine-install as I had missed that detail.

Edit: yep that was the step I was missing.

Last edited by MonolithImmortal (2025-11-18 12:32:24)

---

Dental CAD designer, bodybuilder, arch linux enthusiast.