Encrypted system is not booting after stable update

What are you asking… why they are empty?

Typically these arrays remain empty unless you have a module or binary reference to add to them.

Essentially, they are not commented (despite being empty), because these arrays are checked for content systematically.

Any “deeper dive”, I’ll leave to others who might feel inclined.

Regards.

Sharing here what worked correctly for me, after several tries and fails…

Resources - main ones as I went through many:

Initial problem / status:

Installation made 2 years ago, with Calamares with one main encrypted partition and a boot partition. After upgrading to 20251208 stable, and having installed 6.18 kernel, I was not able to boot into it - see https://forum.manjaro.org/t/stable-update-2025-12-08-25-1-anh-linh-preview/183479/76?u=telcoced

Actions I’ve triggered right after the upgrade: handle the merge of the mkinitcpio pacnew file. Most probably, I’ve done it wrong…but can’t be sure.

Configuration that was applied BEFORE upgrade, as far as I understood - sorry but some topics and file roles are still unclear to me:

  • /etc/crypttab file, handling luks partition unlock - not sure about that - using a luks key located at the root of this encrypted partition and named crypto_keyfile.bin
  • /etc/fstab file, handling mountpoint for this partition
  • /etc/mkinitcpio file, MAYBE defining the luks key location, and handling the initramfs parameters
  • /etc/default/grub file, defining that Grub has to handle an encrypted partition, and default options for booting
  • Noticeable boot process: in any case, it seems that the partition is unlocked twice, once for Grub, once for initramfs. Second one can be bypassed / transparent to end user by using a Luks key stored in the encrypted partition
  • Noticeable trick - maybe obvious: I never had to chroot as I was lucky enough to never completely be stuck at boot. But you have the ability to tweak the Grub boot options without chrooting, so if it’s all related to grub options, you are still safe…but don’t count on it

Final word on this initial status: I really can’t know what was causing the issue with the 6.18 kernel…

Settings applied and commands to solve the issue:

  • Getting your partition names / UUID: lsblk -f. Mine looked like this one, the important one being nvme0n1p2 / 3d6aebc6-f20e-4479-a851-f2c41ed328c3

nvme0n1
├─nvme0n1p1 vfat FAT32 21E7-5162 298,9M 0% /boot/efi
└─nvme0n1p2 crypto_LUKS 1 3d6aebc6-f20e-4479-a851-f2c41ed328c3
  └─root ext4 1.0 39b3a819-f874-44c0-a554-766d566088b8 96,9G 53% /

  • Not sure it’s mandatory, as I already had a key file at the root of the partition, but I created a key for Luks. Commands:

    • su -
    • getting your key created: dd bs=512 count=4 if=/dev/random iflag=fullblock | install -m 0600 /dev/stdin /etc/cryptsetup-keys.d/cryptlvm.key
    • Adding it to luks: cryptsetup -v luksAddKey /dev/nvme0n1p2 /etc/cryptsetup-keys.d/cryptlvm.key - you’ll need the Luks passphrase for that as far as I remember
  • Modify mkinitcpio file, mine now looks like this, extracts:

    • HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck) - the key there is the sd-encrypt parameter. Also, base option is described as useless in some posts / procedures, but I found no issues keeping it…
    • FILES=(/etc/cryptsetup-keys.d/cryptlvm.key) - used to be FILES=(/crypto_keyfile.bin)
    • generate initramfs: mkinitcpio -P
  • Modify /etc/default/grub, extract:

GRUB_CMDLINE_LINUX_DEFAULT="quiet rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key rd.luks.name=3d6aebc6-f20e-4479-a851-f2c41ed328c3=root root=/dev/mapper/root"

Notice the two key inputs: the location of the keyfile and the UUID of the partition. The rd.luks.key parameter is listed as not necessary in resources I provided above - if the key file is located in /etc/cryptsetup-keys.d/, this statement seems false, the parameter is needed if you want to avoid entering the luks passphrase twice at each boot…

  • last command, update-grub

At this point, you may be able to safely reboot. Sorry if I forgot something as it took me hours to come back to an under control situation, I will come back to those instructions later if I find something new or obviously missing.

Now, one last thing happened after that, confirming that I completely changed the way the Luks partition is unlocked / mounted: I had an error displayed between Grub launching boot and my DE login manager. A process - seems that it was not part of systemd as I did not find those logs in journalctl - was complaining that the luks partition could not be mounted as it was already in use. That meant that I had a double try/process involved for this mounting process. That’s where the French forum post was useful: it seems that using the sd-encrypt hook makes the crypttab / fstab calls to luks unlocking and mounting useless. So I went ahead and commented lines dedicated to that in the two files, here are the two end results for those files:

# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: You need not list your root (/) partition here, but it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
#luks-3d6aebc6-f20e-4479-a851-f2c41ed328c3 UUID=3d6aebc6-f20e-4479-a851-f2c41ed328c3     /crypto_keyfile.bin luks

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=21E7-5162                            /boot/efi      vfat    umask=0077 0 2
#/dev/mapper/luks-3d6aebc6-f20e-4479-a851-f2c41ed328c3 /              ext4    defaults,noatime 0 1
tmpfs                                     /tmp           tmpfs   defaults,noatime,mode=1777 0 0

Now, you can reboot once again, and voila!

I hope this quite long post will help some people that encountered issues with their encrypted partition after last upgrade…

Feel free to ask questions but I may not be able to answer to all of them…

5 Likes
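
The cross-checks implied by the procedure above, as an added example that is not part of the original post: a POSIX shell function that compares HOOKS/FILES in the mkinitcpio configuration with the rd.luks.* options in /etc/default/grub and reports uncommented crypttab/fstab lines that still name the LUKS UUID. The function names and the temporary sample files are constructed for the illustration; the option values are the ones quoted in the post.

```sh
#!/bin/sh
# Added example, not from the post: cross-check the files the procedure edits.
# Usage: check_luks_boot MKINITCPIO_CONF GRUB_DEFAULT [CRYPTTAB FSTAB ...]
# Prints one finding per line; returns 0 when everything is consistent.
check_luks_boot() {
    mk=$1; grub=$2; shift 2; rc=0
    hooks=$(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$mk")
    files=$(sed -n 's/^FILES=(\(.*\)).*/\1/p' "$mk")
    words=$(sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)".*/\1/p' "$grub" | tr ' ' '\n')
    key=$(printf '%s\n' "$words" | sed -n 's/^rd\.luks\.key=//p')
    luks=$(printf '%s\n' "$words" | sed -n 's/^rd\.luks\.name=//p')
    root=$(printf '%s\n' "$words" | sed -n 's/^root=//p')
    uuid=${luks%%=*}; name=${luks#*=}

    case " $hooks " in
        *" sd-encrypt "*) ;;
        *) echo "HOOKS has no sd-encrypt hook"; rc=1 ;;
    esac
    [ -z "$key" ] || case " $files " in
        *" $key "*) ;;
        *) echo "rd.luks.key=$key is not listed in FILES=($files)"; rc=1 ;;
    esac
    [ "$root" = "/dev/mapper/$name" ] ||
        { echo "root=$root does not match rd.luks.name mapping '$name'"; rc=1; }
    # Uncommented lines that still mention the LUKS UUID: the duplicate
    # unlock/mount the post ran into after switching to sd-encrypt.
    if [ -n "$uuid" ] && [ $# -gt 0 ]; then
        stale=$(grep -Hn -F -- "$uuid" "$@" | grep -v '^[^:]*:[0-9]*:[[:space:]]*#') || true
        [ -z "$stale" ] || { printf '%s\n' "$stale" | sed 's/^/stale entry: /'; rc=1; }
    fi
    return $rc
}

# Constructed sample files using the values quoted in the post.
# $2 is prefixed to the crypttab/fstab root lines: '' = active, '#' = commented.
write_case() {
    u=3d6aebc6-f20e-4479-a851-f2c41ed328c3
    k=/etc/cryptsetup-keys.d/cryptlvm.key
    printf '%s\n' 'HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)' "FILES=($k)" > "$1/mkinitcpio.conf"
    printf 'GRUB_CMDLINE_LINUX_DEFAULT="quiet rd.luks.key=%s rd.luks.name=%s=root root=/dev/mapper/root"\n' "$k" "$u" > "$1/grub"
    printf '%sluks-%s UUID=%s /crypto_keyfile.bin luks\n' "$2" "$u" "$u" > "$1/crypttab"
    printf '%s/dev/mapper/luks-%s / ext4 defaults,noatime 0 1\n' "$2" "$u" > "$1/fstab"
}

tmp=$(mktemp -d)
for state in '' '#'; do
    write_case "$tmp" "$state"
    echo "--- crypttab/fstab root lines prefixed with '$state'"
    check_luks_boot "$tmp/mkinitcpio.conf" "$tmp/grub" "$tmp/crypttab" "$tmp/fstab" &&
        echo "consistent"
done
rm -rf "$tmp"
```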

Thank you so much for all your findings and instructions. It looks like this should be definitive but I’ve encountered a weird issue. When it came to updating grub with update-grub, I couldn’t, and it kept telling me
/etc/default/grub: line 12: rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key: No such file or directory
Weirdly, when I remove quiet I then get a different error from update-grub
/etc/default/grub: line 12: rd.luks.name=02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3=root: command not found
However, when I reboot with everything else in place, it doesn’t boot without intervention but I immediately wanted to access grub menu, while holding shift, manually edited it to what it should be, as described above and then it boots just fine. So your procedure and configuration works as such but for some reason, I can’t update the grub, despite being able to boot with new GRUB_CMDLINE_LINUX_DEFAULT when I force it manually. But this has to be done every time when booting, so not exactly viable. I was able to revert to ‘old way’ and am technically prepared for the ‘new way’ with systemd as well, once grub is able to be updated with new GRUB_CMDLINE_LINUX_DEFAULT.

Hello, indeed weird as they are two different problems…are you sure about the name / location of the keyfile you created? Was it added successfully to luks? Is the UUID of the partition the right one?

Also, the options in my /etc/default/grub file are called with “GRUB_CMDLINE_LINUX_DEFAULT”, is it also the case on your side?

Here is my full Grub default configuration file, if that can help to debug:

# GRUB boot loader configuration

GRUB_DEFAULT=saved
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Manjaro"
GRUB_CMDLINE_LINUX_DEFAULT="quiet rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key rd.luks.name=3d6aebc6-f20e-4479-a851-f2c41ed328c3=root root=/dev/mapper/root"

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'menu' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=hidden

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Uncomment this option to enable os-prober execution in the grub-mkconfig command
GRUB_DISABLE_OS_PROBER=false

# Uncomment to ensure that the root filesystem is mounted read-only so that
# systemd-fsck can run the check automatically. We use 'fsck' by default, which
# needs 'rw' as boot parameter, to avoid delay in boot-time. 'fsck' needs to be
# removed from 'mkinitcpio.conf' to make 'systemd-fsck' work.
# See also Arch-Wiki: https://wiki.archlinux.org/index.php/Fsck#Boot_time_checking
#GRUB_ROOT_FS_RO=true

Edit: yep you posted your system information in a previous post and the UUID seems fine, sorry should have checked.

Yes, ls -ltra confirms that for me

From the output I got, it seemed successful. [I don’t remember what exactly it said]

Yes, in fact I don’t think it would boot, when I was forcing it to with manually editing it in grub menu, would it?

Yes, I was just lazy omitting the DEFAULT originally.

It seems virtually same to mine, with minor differences that I don’t see how they would influence the problem of generating config with the new parameters. Mine for comparison:

# GRUB boot loader configuration
# BACKUP START
# GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3:luks-02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3 root=/dev/mapper/luks-02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3 udev.log_priority=3 amd_pstate.enable=1 amd_pstate=active amdgpu.ppfeaturemask=0xffffffff"
# BACKUP END
# BACKUP 2025_12_13
# GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3:luks-02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3 root=/dev/mapper/luks-02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3 udev.log_priority=3 amd_pstate.enable=1 amd_pstate=active"
# GRUB_CMDLINE_LINUX_DEFAULT=“rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key rd.luks.name=02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3=root root=/dev/mapper/root”

GRUB_DEFAULT=saved
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Manjaro"
GRUB_CMDLINE_LINUX_DEFAULT=“quiet rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key rd.luks.name=02db1f6a-9578-4cd5-be9e-97a2fc3bb1a3=root root=/dev/mapper/root”
GRUB_CMDLINE_LINUX=""

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'menu' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=hidden

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Uncomment this option to enable os-prober execution in the grub-mkconfig command
GRUB_DISABLE_OS_PROBER=false

# Uncomment to ensure that the root filesystem is mounted read-only so that
# systemd-fsck can run the check automatically. We use 'fsck' by default, which
# needs 'rw' as boot parameter, to avoid delay in boot-time. 'fsck' needs to be
# removed from 'mkinitcpio.conf' to make 'systemd-fsck' work.
# See also Arch-Wiki: https://wiki.archlinux.org/index.php/Fsck#Boot_time_checking
#GRUB_ROOT_FS_RO=true
GRUB_ENABLE_CRYPTODISK=y

Don’t know if it’s relevant, but quotation marks seem different in the GRUB_CMDLINE_LINUX_DEFAULT line compared to the one for “GRUB_DISTRIBUTOR” - also check the one at the end of the line…

3 Likes

Oh, right. Looks like when I copied it from your post, it pasted it with different quotation marks. I’m going to try and correct it next time. I think this might be it.

And this is how I end up reading Quotation mark - Wikipedia, asking myself why human beings seem to love this level of complexity ^^

Anyway, seems you have double curved quote instead of “simple” double quote…

Sorry that comes from my initial post, corrected thanks to varikonniemi.

2 Likes

Manjaro forum software uses “pretty” quotation by default in text body. If you want real quotes you need to write inside a < preformatted text > block.

3 Likes

Thanks, corrected it, weird as it was in a preformatted text, but seems that it’s not applicable when inline…hmmm no most probably me copy pasting THEN applying preformatting…

1 Like

Yes, you must type in the preformatted text box, if you copy-paste the pretty quotes in there it does not change them. Or if you just add the tags around already typed text.

2 Likes

Tried it again, this time with correct quotation marks and it seems to work flawlessly. So once again, big thank you @Telcoced and also thanks @varikonniemi for explaining the nuances of what happened.

5 Likes
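
The failure worked out in the posts above, as an added example that is not part of the thread: update-grub reads /etc/default/grub as shell (the "line 12: … command not found" messages are shell errors), so a value wrapped in curly quotes is no longer one quoted string. The script below flags curly quotes on uncommented lines and shows what GRUB_CMDLINE_LINUX_DEFAULT actually holds after the file is sourced; the function names, sample files and placeholder UUID are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread: lint a GRUB defaults file for curly quotes.
# UTF-8 bytes of U+201C, U+201D, U+2018 and U+2019, built with printf so that
# this script itself stays plain ASCII.
LDQ=$(printf '\342\200\234'); RDQ=$(printf '\342\200\235')
LSQ=$(printf '\342\200\230'); RSQ=$(printf '\342\200\231')

# Print "lineno:text" for each non-comment line that contains a curly quote.
# Exit status follows grep: 0 if something was found, 1 if the file is clean.
find_smart_quotes() {
    grep -n '' "$1" |
        grep -v '^[0-9]*:[[:space:]]*#' |
        LC_ALL=C grep -F -e "$LDQ" -e "$RDQ" -e "$LSQ" -e "$RSQ"
}

# Source the file in a child shell, the way update-grub's error messages show
# it being read, and print what GRUB_CMDLINE_LINUX_DEFAULT ends up holding.
# Sourcing executes the file: use it only on files update-grub reads anyway.
effective_cmdline() {
    sh -c '. "$1"; printf "%s" "$GRUB_CMDLINE_LINUX_DEFAULT"' sh "$1" 2>/dev/null
}

# Constructed sample input. The UUID is a placeholder, not a real volume.
ARGS='quiet rd.luks.key=/etc/cryptsetup-keys.d/cryptlvm.key rd.luks.name=00000000-0000-0000-0000-000000000000=root root=/dev/mapper/root'
write_sample() {    # $1 = output file, $2 = opening quote, $3 = closing quote
    {
        printf '# GRUB boot loader configuration\n'
        printf '# backup: %sold value%s\n' "$2" "$3"
        printf 'GRUB_CMDLINE_LINUX_DEFAULT=%s%s%s\n' "$2" "$ARGS" "$3"
        printf 'GRUB_DISTRIBUTOR="Manjaro"\n'
    } > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/pasted" "$LDQ" "$RDQ"
write_sample "$tmp/typed" '"' '"'
for f in pasted typed; do
    if hits=$(find_smart_quotes "$tmp/$f"); then
        echo "$f: curly quote on line $(printf '%s\n' "$hits" | cut -d: -f1)"
    else
        echo "$f: no curly quotes outside comments"
    fi
    echo "$f: effective value = [$(effective_cmdline "$tmp/$f")]"
done
rm -rf "$tmp"
```

With the pasted variant the variable comes back empty, because the shell treats the first word as a temporary assignment and the next word as a command to run.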

Yes, it always pays to double-check what you enter in configuration files, generally – the slightest silly mistake or typographical error can sometimes have dire consequences.

If you believe you have a solution to your issue, please mark the appropriate post as the solution to this topic so that others, perhaps with a similar problem can easily find the marked solution, and immediately decide whether the topic is relevant to their issue.

The appropriate post is usually the one that either provided, or helped you the most to find, the solution to your issue.

Use the button under the respective post.

Regards.

Speaking of marking, perhaps you should stop abusing your moderator status. At no point have you been helpful and have only brought smugness and attack towards me.

1 Like

You stated that:

which seemed to indicate a solution was found, and then you seemed to disappear.

It’s customary to mark a solution post for the reasons I’ve already explained, so I gave you a reminder of that. There is certainly no abuse of privilege, as you suggest.

I’m sorry, but frankly, I don’t see where this is coming from.

This has already been done, solution was marked about 24h ago. Why it is unmarked is a question for you, not me. I’ve marked the solution already yesterday.

You’ve been reported to administrator.

All I can do is call it as I see it. If you marked it previously – and I’m not doubting what you say – then someone has then obviously unmarked it. Why, I cannot say either.

Oh, have I?

Thanks, and have a wonderful life.