You are not logged in.
- Topics: Active | Unanswered
Pages: 1
Topic closed
#1 2024-06-18 01:06:51
- 6i5
- Member
- Registered: 2024-06-09
- Posts: 14
Does GRUB not support unlocking LUKS2-encrypted boot partitions?
In my previous posts I was able to encrypt my entire disk except boot. I simplified my partitioning layout and tried again. This time, there is an EFI partition, the entire root directory which is unencrypted and the encrypted boot. I have confirmed from last time that my keyboard layout is not the issue. However GRUB is still unable to unlock cryptboot. Is this proof that GRUB's support for LUKS2 boot is still broken, or could I have missed a crucial step?
> lsblk -f
NAME FSTYPE FSVER MOUNTPOINTS
loop0 squashfs 4.0 /run/archiso/airootfs
nvme0n1
├─nvme0n1p1 vfat FAT32 /mnt/efi
├─nvme0n1p2 LVM2_member LVM2 001
│ └─vg001-cryptboot crypto_LUKS 2
│ └─boot ext4 1.0 /mnt/boot
└─nvme0n1p3 ext4 1.0 /mnt/
> cat /mnt/etc/fstab
# <file system> <dir> <type> <options>
# /dev/nvme0n1p3
UUID=... / ext4 rw,realtime
# /dev/mapper/boot
UUID=... /boot ext4 rw,realtime
# /dev/nvme0n1p1
UUID=... /efi vfat rw,realtime,...
> cat /etc/mkinitcpio.conf
...
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block lvm2 encrypt filesystems fsck)
> cat /etc/default/grub
...
GRUB_ENABLE_CRYPTODISK=y
...
> grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
Installing for x86_64-efi platform.
Installation finished. No error reported.
> grub-mkconfig -o /boot/grub/grub.cfg
...
doneOffline
#2 2024-06-18 01:16:48
- cryptearth
- Member
- Registered: 2024-02-03
- Posts: 2,034
Re: Does GRUB not support unlocking LUKS2-encrypted boot partitions?
https://wiki.archlinux.org/title/GRUB#Encrypted_/boot
limited support for luks2 - pbkdf only
Offline
#3 2024-06-18 01:25:57
- 6i5
- Member
- Registered: 2024-06-09
- Posts: 14
Re: Does GRUB not support unlocking LUKS2-encrypted boot partitions?
https://wiki.archlinux.org/title/GRUB#Encrypted_/boot
limited support for luks2 - pbkdf only
> cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 5000 --key-size 512 --pbkdf=pbkdf2 --use-urandom --verify-passphrase /dev/vg001/cryptbootI used the command above to encrypt the boot partition. As you can see LUKS2 pbkdf2 was used, yet GRUB was unable to unlock it.
Offline
#4 2026-03-08 20:05:19
- blueman
- Member
- From: web
- Registered: 2021-02-25
- Posts: 2
Re: Does GRUB not support unlocking LUKS2-encrypted boot partitions?
I think it was caused by "--hash sha512". With sha256 it works fine.
Offline
#5 2026-03-08 22:28:32
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,700
Re: Does GRUB not support unlocking LUKS2-encrypted boot partitions?
Or because grub has been updated since then. Everything in this thread is out of date, which is why you shouldn't bump old threads.
Online
#6 2026-03-08 23:02:05
- WorMzy
- Administrator
- From: Scotland
- Registered: 2010-06-16
- Posts: 13,417
- Website
Re: Does GRUB not support unlocking LUKS2-encrypted boot partitions?
Mod note: closing, for reasons noted.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
Pages: 1
Topic closed