I am trying to install Grub on a UEFI system. I have /boot encrypted with Luks, / encrypted with Luks2, and /boot/efi is not encrypted.
When Architect goes to install Grub on /boot/efi, it asks for the encryption password to create a keyfile. I enter the password. Then I see a cryptsetup process using 100% of the CPU, but it does nothing. It will use 100% CPU for hours but never finish.
What is going on here and how do I make grub finish installing?
Curious, why are you encrypting /boot? For Manjaro, /boot/efi is typically a separate partition.
When you encrypt /, it also encrypts /boot already because it’s in the same partition.
Or did you for some reason made a separate partition for /boot that is separate from your / partition?
Yes, /boot is a separate partition because grub cannot open the luks2 container that holds / .
I’ve never used Architect, but what I understand is happening is:
grub on /boot/efi it detects /boot is encrypted/boot/efi/EFI is not encrypted!Now, I’m thinking a bit out of the box here, but can you:
/dev/sda1/EFI to let’s say /EFI and have Architect install grub on /EFI ?grub-install yourself manually to /EFI ?
I have actually come to the conclusion that what I’m trying to do is pointless. There’s nothing to gain from using Luks2 (argon2 specifically) if the key is stored on the weaker Luks1 container.