Thank you, @brn! That was what I needed - I tried first with the default menu entry only (can’t hurt to be careful) and worked as hoped for…
Having same issue after recent system update.
I have the problem on two different machines now.
error: sparse file not allowed.
error: no such cryptodisk found, perhaps a needed disk or cryptodisk module is not loaded.
452: out of range pointer: 0x95d67020
Aborted. Press any key to exit.
I’m not an expert and I did not follow this thread - but I sound that the cryptodisk module was not added to GRUB_PRELOAD_MODULES (see Can't boot LUKS encrypted install after 2023-03-31 stable update - #7 by philm)
Can you try to boot from a live usb stick + check if you can boot into your original OS? Can't boot LUKS encrypted install after 2023-03-31 stable update - #26 by Tobiwan
I followed the following steps:
The problem was not solved, the errors come, but after entering the passphrase for the second time, my system boots. I have to enter the passphrase two times for my system to boot. Very weird…
I had a similar problem (enter passphrase two times before booting). This was caused by bad RAM changing files on my filesystem (BTRFS). Can you verify that your system memory is working (for example with https://memtest.org/)?
Memory seems fine, Memtest shows no errors…
I am having the same issue on two machines and this started happening after the recent Manjaro System update, both machines are relatively new.
Maybe rebuilding the kernel could help? You can select an older kernel during boot and the remove + add the kernel in the graphical kernel overview.
I was using “6.1.22-1 LTS”, I installed “6.2.9-1” then rebooted using that, I then uninstalled “6.1.22-1 LTS”, rebooted, reinstalled “6.1.22-1 LTS”, rebooted then uninstalled “6.2.9-1”. Now I am running on “6.1.22-1 LTS” again
After each reboot the errors were showing and I had to enter the passphrase two times for the system to boot
I just did a fresh Virtualbox VM with 22.0.5 as base and updated to today’s stable update of 2023-04-11. The install used the automatic install mode with LUKS encryption using a normal password.
Boot process:
- grub loads and ask for the password
- after entering that it takes a short while
- the
cryptomount -u
error happens: [PATCH v5 5/9] cryptodisk: Improve cryptomount -u error message - waiting or pressing any key continues the boot process
Now I’ve to see what changed and how to get that message away.
how I got rid of the nag screen
- I had to reinstall grub via
grub-install --force --target=i386-pc --recheck --boot-directory=/boot /dev/sda
- then I ran
update-grub
to regenerate the menu
This got rid of the nag screen not finding the right partition.
Lets analyze the grub.cfg file of the old grub installed to MBR on this BIOS VM:
So it loads the needed modules. calls cryptomount -u
and points to the right partitions.
After I also updated grub on MBR we got this menu entry for the same 6.1 kernel:
More or less it is the same entry as we had before. So the only change most likely made is on the binary files which got installed by the package update of grub package. Most similar on that issue, on which we reverted those modifications to call fwsetup: Arch Linux - News: Grub bootloader upgrade and configuration incompatibilities
Me and the dashes …
Seems grub 2.06-r261 has the cryptomount -u
cmd without the dashes and with 2.06-r456 those got added. So removing the dashes from the cmd “fixes” the issue. However, those changes are common and only get fixed when grub matches the binaries of the package and the version installed on MBR/EFI.
So what is the real issue now?
- commit 3cf2e84 changes how UUIDs for cryptodisk got handled.
- a user can now specify UUID strings with dashes, instead of having to remove
dashes. This is backwards-compatibility preserving and also fixes a source
of user confusion over the inconsistency with how UUIDs are specified
between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the
reference implementation for LUKS, displays and generates UUIDs with dashes
there has been additional confusion when using the UUID strings from
cryptsetup as exact input into GRUB does not find the expected cryptodisk. - since we never update the corresponding MBR/EFI installation of grub, which needs to been called via
grub-install
and the parameters used to install grub the first time those changes in the binary files of the grub package won’t match the expectations the older grub may have fromgrub.cfg
file. Hence it is a breaking change for older installations - Is Arch affected by this? Most likely yes when they updated their package to 2:2.06.r380.g151467888-1. But there people expect to know on how to fix issues with grub, especially when you use LUKS FDE.
What is the real fix?
Well Arch needs to fix on how it installs grub to begin with as upstream expects to have their binaries in sync with what the package installs on your hard drive and what is installed in your MBR/EFI.
Is there a workaround?
Sure, you can modify /usr/bin/update-grub
by removing exec
and add the following line: sed -i -e '/cryptomount -u/ {s/-//g;s/ u/ -u/g}' /boot/grub/grub.cfg
after the line which starts now with grub-mkconfig ...
How can I avoid all of that matter?
Simply put grub into the package ignore list as grub won’t get properly installed anyway.
What about security updates?
Well, you’re the admin of your machine. Update grub package and keep your MBR/EFI installation of grub in-sync
Confirm, reinstalling grub and then update-grub worked for me
I’ve added a workaround for the main issue we are facing here. This way grub doesn’t need to been updated on MBR/EFI. Simply a package update of the grub package is enough. update-grub
script will handle the issue with the dashes: [pkg-upd] 2.06.r456.g65bc45963-6 (6eca32e6) · Commits · Packages / Core / grub · GitLab
sudo pacman -U https://mirror.easyname.at/manjaro/pool/overlay/grub-2.06.r456.g65bc45963-6-x86_64.pkg.tar.zst
It would be good if people who already have updated via grub-install ...
to 2.06-r456 on MBR/EFI to check if still all works.
Thank you, when will this package be available through the public repositories?
Currently I can only see version “2.06.r456.g65bc45963-4” through the package manager…
I mean available in the stable branch
When we’re sure that version actually fixes the problem and doesn’t break everyone’s system.
Until the grub-update reaches the official repo, I managed to boot my fully encrypted Manjaro system using “Super Grub2 Disk Beta”
Steps I did:
Visit: Super Grub2 Disk Beta
Download supergrub2-classic-2.06s2-beta1-multiarch-CD.iso
Write the *.ISO file to a USB Stick using this command:
(edit [PathToSuperGrub2ISO] & [SDXXX])
sudo dd if=/home/...[PathToSuperGrub2ISO].../supergrub2-classic-2.06s2-beta1-multiarch-CD.iso of=/dev/[SDXXX] bs=4M status=progress && sync
From your BIOS boot menu select booting from the USB Stick.
From the “Super Grub2 Disk Beta” menu choose "Detect…"
After that choose your Manjaro partion…
That Super Grub2 Disk Beta
might also not work as it is an older version which doesn’t has the dashes support. That got added in December 2022 to a more modern grub version which is not released. Those changes will be included in 2.08 version of grub. So people simply call the pacman cmd as I compiled grub against stable branch anyway. I simply didn’t upload it there yet …
Please also have a look at:
I’m not affected, so I just skimmed over this long thread and am sorry, if this has been mentioned before:
If you get dropped into grub recovery console because cryptomount failed, you can execute it manually. For example, /boot is on the second partition of the first disk:
cryptomount (hd0,gpt2)
or alternatively cryptomount -u <uuid>
it should ask for the pass again. Once that succeeds to unlock, execute:
insmod normal
normal
should be all you need to get started. source