Fighting with grub and my encrypted /

I am a road warrior, my XPS13 is always with me, so disk is encrypted.

I have a small problem with my configuration.

When booting Grub is asking me for my passphrase for the disk 1d1c973c-cc9c-4a90-ae8b-2a3946670b53, so far so good.
Then it will start another Grub, and I will greeted by a lovely emergency shell.

starting version 237

ERROR: device 'UUID=0585c43b-0282-4afb-b204-472495a78ac7' not found. Skipping fsck.
mount: /new_root: can't find UUID=0585c43b-0282-4afb-b204-472495a78ac7.
You are now being dropped into an emergency shell.
sh: can't access tty: job control turned off.

[rootfs ]#

I can run cryptsetup luksOpen and mount the partition to /new_root, and the boot will finish.

I added the UUID of the encrypted volume to my /etc/crypttab/

cryptroot      UUID=1d1c973c-cc9c-4a90-ae8b-2a3946670b53    none    luks

I noticed that the UUIDs between the grub and the partition it want to mount later.

Any ideas?
Yours, Ben

I fixed it… I forgot to update my grub.cfg…

Phew! Glad it was an easy fix.

Mounting the partition by hand was an ok-ish workaround but annoyed me.
I still have to streamline the boot process, as I now have to type the passphrase twice.

Yea its a pain, the latest iso has this sorted here

Alternatively just setup the keyfile manually

# Generate a random keyfile with proper permissions
dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
chmod 000 /crypto_keyfile.bin

# YOUR_DEVICE will need to be the encrypted /dev/sdX
cryptsetup luksAddKey /dev/YOUR_DEVICE /crypto_keyfile.bin

# Add the keyfile to mkinitcpio
sed -i 's/FILES=()/FILES=(\/crypto_keyfile.bin)/g' /etc/mkinitcpio.conf

# lastly rebuild the initramfs... For LTS kernel replace linux with linux-lts
mkinitcpio -p linux

Reboot and you should only have one password prompt

1 Like