Hi everyone,
I'm a new Artix user and have been really enjoying the distribution. I successfully installed Artix LXQt (Dinit) on my laptop with LUKS encryption, and everything is working great. Now, I’m trying to install the base Dinit image on a PC with LUKS, but I’ve run into issues.
My Setup:
Installation Image: Artix base (Dinit)
Encryption: LUKS
Boot Mode: UEFI with GPT
No Desktop Environment (manual install, no Calamares)
Bootloader: GRUB
The Problem:
I’ve attempted the installation four times using multiple guides, but after rebooting, GRUB never finds the partitions, and I’m dropped into a rescue prompt. It feels like I’m missing something specific to Dinit that I should be doing but am not.
Resources I've Followed:
Artix Installation Guide
Artix Full Disk Encryption Guide
Arch Dm-crypt Guide
Any advice on what I might be missing or what I should check?
Hello and welcome!
I am not a great grub expert.
I think you followed these recommendations:
https://wiki.artixlinux.org/Main/Installation#Partition_your_disk
https://wiki.artixlinux.org/Main/Installation#Boot_Loader
I've read that when dealing with problems due to messed up EFI firmware, some people have had more success with refind:
https://www.rodsbooks.com/refind/
https://wiki.archlinux.org/title/REFInd
Please chroot into your system and post your current
/etc/default/grub + the output of the
lsblk command, this will make it easier for us to diagnose what's going on.
Thanks for the feedback. I will go through the installation again and post the output if it fails again.
I decided rather than wait for failure, ask questions I have along the way!
I may be getting hung up with the configuration to /etc/default/grub. Here is what I have so far:
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=443f158f-8728-434b-98a1-bcc0e9d3e1a0:sda2.luks root=/dev/mapper/sda2.luks"
# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y
Am I properly updating this line with the output shown below? Should there be anything listed for swapfile or boot which is in the encrypted / partition.
lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0
squash
sda
|-sda1
| vfat 9B43-8B9D 511M 0% /boot/efi
`-sda2
| crypto 443f158f-8728-434b-98a1-bcc0e9d3e1a0
`-sda2.luks
ext4 f9b89582-6d03-4cd1-913b-4bb1ce4dd544 7.9G 42%
swapon --show
NAME TYPE SIZE USED PRIO
/swapfile file 4G 110M -2/
Also, am I pointing to the correct path for grub-mkconfig based off of my partitioning?
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub
grub-mkconfig -o /boot/grub/grub.cfg
Last, I am using dinit init system. Do I need to enable any additional services to start for the system to boot?
ls /etc/dinit.d/
NetworkManager config dbus-pre logind tty2 tty4 tty6
boot.d dbus elogind tty1 tty3 tty5
ls /etc/dinit.d/boot.d/
logind
Although your GRUB config should work in theory, from personal experience I really recommend replacing
root= with its UUID in order to avoid issues in the future. So, change the line to this (based from your
lsblk -f output):
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=443f158f-8728-434b-98a1-bcc0e9d3e1a0:sda2.luks root=UUID=f9b89582-6d03-4cd1-913b-4bb1ce4dd544"
Also, I can't help but notice that your root partition is 7.9G in size? How much space does your laptop's whole drive have?
Yes, it looks correct
From the FDE guide (https://wiki.artixlinux.org/Main/InstallationWithFullDiskEncryption#Other_Packages), you must have the
device-mapper and
dmcrypt services in order to boot (dmeventd and cryptsetup are the equivalent in dinit). It looks like you're not using lvm so no need for that service.
So, you should have the
device-mapper,
device-mapper-dinit,
cryptsetup and
cryptsetup-dinit packages.
Then, enable the services:
dinitctl enable dmeventd
dinitctl enable cryptsetup
Now you
should be able to boot. If not, removing the
quiet parameter from GRUB's CMDLINE should give a more verbose description of the problem and we'll see how it goes from there.
Thanks for the advice, going to try now!
The little drive should be 16G. I noticed interesting output when I execute commands. Maybe when executing with the -f option it's showing the available space? I do have my 4G swapfile on /.
edit: I am now seeing the column name FSAVAIL, I guess that is what is available.
[artix-live /]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 782.2M 1 loop
sda 8:0 0 16G 0 disk
|-sda1 8:1 0 512M 0 part /boot/efi
`-sda2 8:2 0 15.5G 0 part
`-sda2.luks 254:0 0 15.5G 0 crypt /
lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0
squash
sda
|-sda1
| vfat 9B43-8B9D 511M 0% /boot/efi
`-sda2
| crypto 443f158f-8728-434b-98a1-bcc0e9d3e1a0
`-sda2.luks
ext4 f9b89582-6d03-4cd1-913b-4bb1ce4dd544 7.9G 42% /
Oh, right, it is the available space. You're correct.
But if you don't mind sharing, why is your drive's capacity so small? Is it a USB stick? 16G is enough for a base Artix install, but it probably won't be comfortable. Storage is pretty cheap nowadays, why not get something bigger? Just curious.
I am closer however at boot I am getting a luks passphrase prompt as expected but it isn't accepting my passphrase:
Enter passphrase for hd0,gpt2 (443f158f-8728-434b-98a1-bcc0e9d3e1a0):
Invalid passphrase.
Enter passphrase for hd0,gpt2 (443f158f-8728-434b-98a1-bcc0e9d3e1a0):
Invalid passphrase.
Enter passphrase for hd0,gpt2 (443f158f-8728-434b-98a1-bcc0e9d3e1a0):
error: Invalid passphrase.
error: disk 'cryptouuid/443f158f8728434b98a1bcc0e9d3e1a0'
Entering rescue mode ...
artix-live:[root]:~# lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0 squashfs 0 100% /run/artix/sfs/rootfs
sda
├─sda1 vfat 9B43-8B9D
└─sda2 crypto_LUKS 443f158f-8728-434b-98a1-bcc0e9d3e1a0
sr0 iso9660 ARTIX_202408 2024-08-22-22-42-13-00 0 100% /run/artix/bootmnt
artix-live:[root]:~# cryptsetup open /dev/sda2 sda2.luks
Enter passphrase for /dev/sda2:
artix-live:[root]:~# lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0 squashfs 0 100% /run/artix/sfs/rootfs
sda
├─sda1 vfat 9B43-8B9D
└─sda2 crypto_LUKS 443f158f-8728-434b-98a1-bcc0e9d3e1a0
└─sda2.luks ext4 f9b89582-6d03-4cd1-913b-4bb1ce4dd544
sr0 iso9660 ARTIX_202408 2024-08-22-22-42-13-00 0 100% /run/artix/bootmnt
I am able to boot back into the live disk and execute the cryptsetup open command with the expected passphrase.
edit: Yes you are correct it's on a little SSD card. This is more of a learning experiment than something I will be using for everyday use. I really appreciate your help. I do have another device where I installed Artix via calamares that is working. Very nice of you to take the time.
Post the HOOKS line from your /etc/mkinitcpio.conf
Also, are you 100% sure that the password you're entering is correct? Did you use characters from a non-english layout in it?
MaxLPM, thanks for your perseverance and kindness! Yes it seems like the passphrase is correct. I am able to boot from the live Artix image, and cryptsetup open /dev/sda2 sda2.luks without issue. Very simple password only using ASCII letters and numbers. Really strange issue.
Here is the output from /etc/mkinitcpio.conf:
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)
Solved! I thought you would like to know the solution since you have been with me throughout this journey. I typed the issue into ChatGPT.
Grub didn't support my Luks key type. I added another key specifically PBKDF: pbkdf2, and now it accepts my passphrase and the system is up! Thanks for all of your help. I am enjoying Artix and the community is really helpful.
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
PBKDF: argon2id
Iterations: 100000
Salt: <hex>
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
PBKDF: pbkdf2
Iterations: 1000000
Salt: <hex>
Thank you again for your advice and help. Building Artix from the command line really helped me understand how grub and initamfs function better.