Skip to main content
Topic: LUKS full disk encryption: grub does not accept correct password (Read 772 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

LUKS full disk encryption: grub does not accept correct password

I am following luke smith's guide https://yewtu.be/watch?v=dI3bGeT31Bo to installing artix with full disk encryption. After all the steps, when I boot to grub asking for my password, it will tell me I have the wrong password every time. I have tried booting from recovery mode, but it will not accept my password there, either. I am certain I am typing it in correctly, and can decrypt my drive from the live USB, but I cannot actually boot into it. So far I have followed this video to a T, with only one exception. In his /etc/default/grub, he keeps the comment on the line saying to uncomment to allow booting to encrypted luks volumes. I had to uncomment this line, otherwise grub-install would fail and not install.
For those who don't want to click through a video, he
formats drive with 1gb space for mbr and the rest a root fs.
he runs cryptsetup luksFormat on the root drive, and sets  a password for it.
does a little misc setup and bootstraps the new root
chroots into the new fs
does more misc
edits /etc/mkinitcpio.conf and adds the encrypt and lvm2 flags
edits /etc/default/grub to include the UUID of the drive and the unencrypted drive
mkinitcpio -p linux
installs grub, does grub mkconfig

I don't know what my issue is. I should be able to do the same thing. My password has no odd characters, and I can type all of them into the rescue prompt, and they appear as they should. This seems like a grub issue, but I don't know how to fix it.
/etc/mkinitcpio.conf:
Code: [Select]
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(usbhid xhci_hcd)
MODULES=()

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=()

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No RAID, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect modconf block filesystems fsck)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev modconf block filesystems fsck)
#
##   This setup assembles a mdadm array with an encrypted root file system.
##   Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
#    HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
#
##   This setup loads an lvm2 volume group.
#    HOOKS=(base udev modconf block lvm2 filesystems fsck)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr and fsck hooks.
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)

# COMPRESSION
# Use this to compress the initramfs image. By default, zstd compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="zstd"
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

# MODULES_DECOMPRESS
# Decompress kernel modules during initramfs creation.
# Enable to speedup boot process, disable to save RAM
# during early userspace. Switch (yes/no).
#MODULES_DECOMPRESS="yes"

/etc/default/grub (I am sure I have the correct UUIDs)
Code: [Select]
# GRUB boot loader configuration

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Artix"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=5 cryptdevice=UUID=(crypt uuid):cryptlvm root=UUID=(root uuid)"
GRUB_CMDLINE_LINUX=""

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
#GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Probing for other operating systems is disabled for security reasons. Read
# documentation on GRUB_DISABLE_OS_PROBER, if still want to enable this
# functionality install os-prober and uncomment to detect and include other
# operating systems.
#GRUB_DISABLE_OS_PROBER=false

Any help is appreciated. Apologies for convention breaks; I've never made an artix forum post before.

Re: LUKS full disk encryption: grub does not accept correct password

Reply #1
I'm sorry, but I don't think anyone is going to rewatch a nearly hour-long video looking for a error...

Besides, we have documentation that you can follow. If you need LUKS2, you can see this installation note (EFI ONLY).


Re: LUKS full disk encryption: grub does not accept correct password

Reply #2
The Artix GUI installer has an option to configure LUKS itself, under Partitions-Encrypt system. This will be the easiest way, you can of course deinstall any desktop afterwards.

Re: LUKS full disk encryption: grub does not accept correct password

Reply #3
There was another question about LARBS on here recently, the person in question went on to ask Luke Smith himself, and got an immediate solution from him on his GitHub issues page:
https://github.com/LukeSmithxyz/LARBS/issues
If you are encountering a problem following his guide then he would be a good person to talk to, and might well want to know about it if there was something wrong or unclear in the video. Not that people on here won't be able to help you, it just might take longer!  ;D

 

Re: LUKS full disk encryption: grub does not accept correct password

Reply #4
There is a good guide if you decide to install system by hands.
https://www.unixsheikh.com/tutorials/real-full-disk-encryption-using-grub-on-artix-linux-for-bios-and-uefi.html

It is what you would have after following archwiki but instead of following different articles - on archlinux general install, GRUB, encryption - everything is put in correct order.