[SOLVED] After kernel upgrades system doesn't open encrypted root FS

mhill8 · 2026-05-28 00:01:57

I installed Arch on my current laptop with LUKS-encrypted root volume a few years ago. I typically try to `pacman -Syu` at least monthly, sometimes weekly, to keep the number of updates from getting too large. (Mostly I'll wait until there's at least a kernel update to justify the whole process.)

I have linux-zen-6.18.2-zen2-1-zen installed as the oldest; I think I first encountered this problem with 6.18.5. The boot process looks different, and the system does not prompt for the LUKS password. It instead starts a job trying to mount the root FS, which times out after 90s. It then prints a few lines about trying recovery mode, and basically locks up.

I may have tried a few more kernels, with the same results, so I fell back to 6.18.2.

linux-zen-7.0.3-zen1-2-zen worked again: It prompts for the password first thing, and then boots normally, so I've been using that. Unfortunately, it broke again with 7.0.9. I haven't gratuitously changed anything in the initrd configuration; I've tried altering the HOOKS line in various ways, but no luck so far.

Here's how it looks with the working kernels (after the very first lines with the kernel version and "starting initrd" or similar):

:: running early hook [udev]
Starting systemd-udevd version 260.1-2-arch
:: running hook [udev]
:: Triggering uevents...
:: running hook [keymap]
:: Loading keymap...done
:: running hook [encrypt]

A password is required to access the root volume:
Enter passphrase for /dev/nvmes0n1p7:

With the nonfunctional kernels/initrds, it instead prints (after a couple dmesg-looking lines):

Booting initrd of Arch Linux.
[  OK  ] Started Dispatch Password Requests
[...]  Lots of "OK" lines
[      ] A start job is running for /dev/disk/by-uuid/[UUID]

Non-comment lines in /etc/mkinitcpio.conf:

MODULES=()
BINARIES=()
FILES=()
HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
MODULES_DECOMPRESS="yes"

There are no non-comment lines in /etc/crypttab (as expected for a root FS).

Here are the "linux" and "initrd" lines for 7.0.9 and 7.0.3 from grub.cfg:

echo    'Loading Linux linux-zen-7.0.9-zen2-1-zen ...'
linux   /vmlinuz-linux-zen-7.0.9-zen2-1-zen root=UUID=1f072805-10d9-4ca2-b58f-d84c28ed17ac rw  cryptdevice=UUID=aeaab87c-4996-427e-a0df-b7603f6aa75b:root loglevel=3
echo    'Loading initial ramdisk ...'
initrd  /amd-ucode.img /initramfs-linux-zen-7.0.9-zen2-1-zen.img

echo    'Loading Linux linux-zen-7.0.3-zen1-2-zen ...'
linux   /vmlinuz-linux-zen-7.0.3-zen1-2-zen root=UUID=1f072805-10d9-4ca2-b58f-d84c28ed17ac rw  cryptdevice=UUID=aeaab87c-4996-427e-a0df-b7603f6aa75b:root loglevel=3
echo    'Loading initial ramdisk ...'
initrd  /amd-ucode.img /initramfs-linux-zen-7.0.3-zen1-2-zen.img

They are, as far as I can tell, identical except for the kernel versions.

I most recently removed "udev" from the HOOKS line and regenerated the initrd for 7.0.9, since other systems don't show it when "systemd" is in use. It's my understanding that SystemD implements its own, which shows up in the working boot section above.

What configuration do I need so that the pacman kernel installation/upgrade process correctly sets up the initrd to prompt for the root FS volume every time? TIA.

Last edited by mhill8 (2026-05-28 19:52:12)

jonno2002 · 2026-05-28 01:12:41

this comes up all the time, its the:

cryptdevice=UUID=aeaab87c-4996-427e-a0df-b7603f6aa75b:root

should be

rd.luks.name=aeaab87c-4996-427e-a0df-b7603f6aa75b=root

since your using a systemd based initramfs.

read sections 4.4 and 4.5 here https://wiki.archlinux.org/title/Dm-cry … initcpio_3

EDIT: sorry i fixed a typo it should be

rd.luks.name=aeaab87c-4996-427e-a0df-b7603f6aa75b=root

Last edited by jonno2002 (2026-05-28 01:22:17)

mhill8 · 2026-05-28 06:49:32

Thank you for the quick response. I'll give that a try and report back. I do wonder, however, why the cryptdevice= was not a problem for 7.0.3. The last time it happened, I did search all over and didn't find anything like "for SystemD you *must* use the rd.luks.name= form"; there was a mix of the two forms on various pages, without any reference to which situations they apply to.

seth · 2026-05-28 07:24:44

I most recently removed "udev" from the HOOKS line

It's not the kernel, it's that busybox and systemd require different syntax to decrypt the device.

mhill8 · 2026-05-28 19:49:49

jonno2002 wrote:

should be

rd.luks.name=aeaab87c-4996-427e-a0df-b7603f6aa75b=root

I updated grub.cfg manually and rebooted, and this time 7.0.9 printed all the [OK] lines, but prompted for the password too, then proceeded to complete booting. I updated /etc/default/grub accordingly, and, since there was a new kernel available, updated the system to test. It booted into 7.0.10 the same way, so hopefully I'll be good from now on.

Thank you for your help!

Arch Linux

#1 2026-05-28 00:01:57

[SOLVED] After kernel upgrades system doesn't open encrypted root FS

#2 2026-05-28 01:12:41

Re: [SOLVED] After kernel upgrades system doesn't open encrypted root FS

#3 2026-05-28 06:49:32

Re: [SOLVED] After kernel upgrades system doesn't open encrypted root FS

#4 2026-05-28 07:24:44

Re: [SOLVED] After kernel upgrades system doesn't open encrypted root FS

#5 2026-05-28 19:49:49

Re: [SOLVED] After kernel upgrades system doesn't open encrypted root FS

Board footer