Still getting errors when trying to install with CryptoDisk

Screenshot

grub-install: error attempt to install to encrypted disk without credentials.

GRUB_ENABLE_CRYPTODISK=y is not being added to /etc/default/grub

Is there a default username/password so that I can login via terminal and make those corrections before running grub-install?

liveuser is the username. Can’t find password. Anyone?

Looking at the error, I’m guessing it’s the encryption-pass for the disk you’re trying to install Archlabs on that’s asked. (I could be wrong, never had that error-msg)
So, not the username/password for the live-CD, but the password for disk-encryption…

I know. I need the password to the ‘liveuser’ account, so that I can login very terminal, add the needed line to the grub file, and then returning to the install to complete installation.

I changed the password for liveuser prior to starting the Installer so that I could add that line to grub. Got past that part, let’s see if she boots.

Was cryptdisk tested?

Password should be “archlabs”

Yea myself and a couple others have done encrypted installs without issues

Can I get a bit more info as this seems like its a simple fix

  • Is your system UEFI or BIOS?
  • Can you provide rough idea of your patition setup
  • Possible steps to reproduce?

If all I have to do is add the following to /ect/default/grub

GRUB_ENABLE_CRYPTODISK=y

Should this only be done when encryting the boot partition and the system is BIOS?

EDIT
After doing another run I’ve hit the same error, I should have a hotfix out soon

1 Like

GRUB_ENABLE_CRYPTODISK=y
is missing, but when adding it manually I was unable to boot.

I guess, and I’m still investigating,
GRUB_CMDLINE_LINUX="cryptdevice=/XXXXX"
is missing as well.

I’ve just about got a fixed iso, will pop a link here when done

EDIT

After a few hours of building and debugging I think I’ve got it sussed

A variable was getting mangled causing LUKS_DEV (cryptdevice=…) to never be defined

Ready to validate any new iso as soon as it is abailable, with laptop sitting next to me waiting for its encrypted install.

I’m just doing a double check so I’m not wasting time

Will upload as a tester and link a.s.a.p

Here is the ‘new’ iso. Beta Hotfix 2018.03 ISO Download

I’ve done a few other minor changes

  • mirrorlist is now optimized during install
  • base-devel is added during install for building AUR packages
  • added back the EFI partition format option (may re-impliment but it wasn’t working)
  • minor formatting adjustments to installer instructions/text

Any feedback or issues from testers of this one would be awesome

Cheers

1 Like

Downloading and testing now.

On a side note, UEFI/EFI install worked fine here.

2 Likes

Nate,
thank you for your effort, I can confirm it works as expected now.
From that perspective 10/10 points from my side, maybe even 11/10.

Minor point of improvment, you need to enter keys twice, once in grub2, and once when cryptsetup is opening the root volume. Maybe replacing the later with a keyfile would make sense.

Regarding the EFI partition formatting option

The issue was/is when selection the partition you will be given an option to format it
A fair bit weighs on this as if you do wipe it, all your bootloaders will be gone.

This isn’t as big of an issue for Linux distros however a broken Windows install can be (at worst) impossible to recover.

My thought was, check the partition for windows or other bootloaders and simply not offer the format option if some were found.

However the downside (and reason I’ve reverted it for now) is that if you do want the partition formatted there would never be the option offered.

I’m open to opinions on this one, which would you prefer?

Ok, got it, thank you for the clarification. I’m not surprised I did not spot the issue, as there is no Windows here anymore.

1 Like

Yea, totally agree

I don’t have much experience with encryption as I don’t use it myself
however I’ll take a read through the Arch wiki and see what I can do to make it happen without breaking things again

Any tips if you got em would be welcome :stuck_out_tongue:

1 Like

Yea thats how my main desktop is too :smiley:

I have a laptop that I use to do most of my testing and I clonezilla the original OEM partitioning setup if I ever need it for testing, resale, etc

1 Like

I found a nice summary yesterday on how to fo that trick, it wasn’t complicated.
if now my browser would actually have history enabled…

Here is the tutorial I followed when installing Arch manually:
https://grez911.github.io/cryptoarch.html

After “#Installing grub” you will find a section on how to add a keyfile to the system using the cryptsetup luksAddKey

1 Like