Does not prompt me for a passphrase for my encrypted drive during startup

Went through the archlabs-installer and use the auto partitioning scheme. I also selected the encrypt drive option. Machine boots and I can log on as user and I can use the machine but I would expect that even before that there will be a prompt asking me for the passphrase to enable the encrypted drive. Did I go wrong somewhere? Where can I check if the setup is correct?

lsblk -f

will show me your system block devices

ls -al /crypto_keyfile.bin

will show me if a keyfile was created

grep 'crypto_keyfile' /etc/mkinitcpio.conf

will show me if a keyfile was added to the initramfs.

It might also be relevant which bootloader you chose (I assume grub usually)

I chose grub as the bootloader. The results of each listed command shows everything is fine but the passphrase ask is still missing for boot up.

How do you know what ‘fine’ is if you’re asking for help with the issue?

If you have a keyfile and aren’t being prompted for a passphrase then obviously something is wrong with the install process or in your choices. If I don’t know what I’m looking at (some info) then I can’t offfer any more help.

Sorry, did not mean to be vague. Here are the results.

NAME          FSTYPE      LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINT
├─sda1        vfat              0142-357C                             396.6M    22% /boot
└─sda2        crypto_LUKS       b955d245-3b9b-4ba6-a4fb-c34e0cb38a66                
  └─cryptroot ext4              fe03e9a0-90a2-418a-b43a-b3e6c859c4ad  132.3G    14% /
---------- 1 root root 4096 Mar  1 03:55 /crypto_keyfile.bin

Try to revome the keyfile from the FILES=() in /etc/mkinitcpio.conf then rebuild it with

# change linux to linux-lts or linux-zen, etc. if needed
mkinitcpio -p linux

You shouldn’t need to touch the keyfile for now, reboot and see if it prompts for a passphrase. If all goes well you can remove the keyfile, I think that should be all that’s needed.

Can you also perhaps post the output of cat /etc/default/grub, there should be a couple lines


that’s all I’m interested in, if the reboot is fine and all then you can just disregard this.

Just dropped in, I recently installed the latest version several times, the prompt for LUKS / cryptroot only occurs when you choose systemd-boot instead of grub AFAIK.

Thanks natemaia. That solved the issue.
I removed the keyfile from FILES=() in /etc/mkinitcpio.conf and then rebuild it with

# change linux to linux-lts or linux-zen, etc. if needed
mkinitcpio -p linux

rebooted and the system prompts for the passphrase as expected. Much obliged.

Thanks gazeka74 for the additional information. I thought it should work for grub because that was what I did on other distros I tried. Seems to be a step missing in the installer automatic process I think.

Hmm interesting, it should (obviously) not do that :stuck_out_tongue:

Theyre all just supposed to prompt once, I know what’s happenening but not fully why. In the installer if the system is BIOS, the bootloader is grub, and the user setup LUKS (but not lvm), then a keyfile is gonna get created.

Perhaps something changed recently but with all my testing (given I only have a few machines) I was prompted twice for password, leading me to think a keyfile was the answer…

I’ll do some fiddling around and see what I can figure out, but I think it’s safe to say at this point it was an error on my part and that keyfile creation will likely be dropped from the installer.

Awesome stuff, feel free to remove the keyfile.