Environment
OS: Manjaro GNOME (latest)
boot: UEFI
Expected results
Both system partitions are decrypted with the correct passphrase.
Actual results
The root partition decrypts the system regardless of the integrity of the passphrase. There are security concerns.
About problem
Manjaro with encrypted /boot and root partitions will decrypt the root partition and display the GRUB menu, regardless of the integrity of the passphrase required for decryption. /boot works as expected, but Manjaro allows an empty or random passphrase when decrypting the root partition. This problem was discovered when trying to dual boot with Linux Mint. You can also reproduce the problem with VirtulBox by partitioning the disk in half and manually installing Manjaro on one side.
Reproduce the problem
- Boot under the UEFI boot environment and install using the GUI installer manual installation with the following configuration.
sdb 8:16 0 931.5G 0 disk
├─sdb1 8:17 0 476.8M 0 part # <- /boot/eif
├─sdb2 8:18 0 2G 0 part # <- swap
├─sdb3 8:19 0 464G 0 part # <- encrypt /
└─sdb4 8:20 0 477M 0 part # <- encrypt /boot
- Boot the OS and Enter the key to decrypt the /boot partition
- Enter a passphrase that is ‘not’ the decryption key for the system partition
- OS startup (problem reproduction completed)
If you have any questions, please feel free to post.
Think you