GRUB LUKS Slow boot

Hello community!
Since yesterday, I am dancing with Manjaro. Installed the latest version of KDE.

Can't solve the problem with slow LUKS/GRUB boot.

Since I have already reinstalled the system fully several times, I have nothing to lose and am ready to reinstall it (with your help) one more time.

What I've tried and it didn't help:

  1. This;

  2. I also tried not to encrypt /boot (also did not help)


Here's mine inxi -Fxz:

System:    Host: comp Kernel: 5.4.2-1-MANJARO x86_64 bits: 64 compiler: gcc v: 9.2.0 Desktop: KDE Plasma 5.17.4 
           Distro: Manjaro Linux 
Machine:   Type: Laptop System: Timi product: TM1701 v: N/A serial: <filter> 
           Mobo: Timi model: TM1701 v: MP serial: <filter> UEFI: INSYDE v: XMAKB5R0P0502 date: 10/13/2017 
Battery:   ID-1: BAT0 charge: 46.4 Wh condition: 46.9/60.0 Wh (78%) model: SUNWODA R15B01W status: Charging 
CPU:       Topology: Quad Core model: Intel Core i7-8550U bits: 64 type: MT MCP arch: Kaby Lake rev: A L2 cache: 8192 KiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 32012 
           Speed: 800 MHz min/max: 400/4000 MHz Core speeds (MHz): 1: 800 2: 801 3: 800 4: 800 5: 800 6: 800 7: 801 8: 800 
Graphics:  Device-1: Intel UHD Graphics 620 vendor: Xiaomi driver: i915 v: kernel bus ID: 00:02.0 
           Device-2: NVIDIA GP108M [GeForce MX150] vendor: Xiaomi Mi Notebook Pro driver: nouveau v: kernel bus ID: 01:00.0 
           Display: x11 server: X.Org 1.20.6 driver: intel,modesetting resolution: 1920x1080~60Hz 
           OpenGL: renderer: Mesa DRI Intel UHD Graphics 620 (Kabylake GT2) v: 4.5 Mesa 19.2.7 direct render: Yes 
Audio:     Device-1: Intel Sunrise Point-LP HD Audio vendor: Xiaomi driver: snd_hda_intel v: kernel bus ID: 00:1f.3 
           Sound Server: ALSA v: k5.4.2-1-MANJARO 
Network:   Device-1: Intel Wireless 8265 / 8275 driver: iwlwifi v: kernel port: 3000 bus ID: 02:00.0 
           IF: wlp2s0 state: up mac: <filter> 
Drives:    Local Storage: total: 252.88 GiB used: 6.53 GiB (2.6%) 
           ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLW256HEHP-00000 size: 238.47 GiB 
           ID-2: /dev/sda type: USB vendor: Kingston model: DataTraveler 3.0 size: 14.41 GiB 
Partition: ID-1: / size: 233.44 GiB used: 6.53 GiB (2.8%) fs: ext4 dev: /dev/dm-0 
Sensors:   System Temperatures: cpu: 50.0 C mobo: N/A 
           Fan Speeds (RPM): N/A 
Info:      Processes: 240 Uptime: 1m Memory: 15.53 GiB used: 1.16 GiB (7.5%) Init: systemd Compilers: gcc: 9.2.0 Shell: bash 
           v: 5.0.11 inxi: 3.0.37 



Before Manajaro I used KDE Neon with auto installation/partitioning with the whole disk encryption. The boot process took place in a few seconds.

I would be very grateful for your help.
What should I do now? At the moment I have an empty system installed in UEFI...

Do you have the haveged.service installed and enabled?

How I can check it?

sudo pacman -S haveged

After that

sudo systemctl enable haveged

Then try a reboot.

Before I install it, I want to tell you another thing.
Since the system was installed in UEFI mode, from time to time I notice that applications are frizzed and I can't close them.

The question is, maybe I should reinstall the system in BIOS mode again?

Hmmm...can't tell you since I have only UEFI experience.

Ok, got you.
Now I'm doing sudo pacman -Syu and after I'll install haveged.

You could try other kernels, 5.4 has issues with i915 and iwlwifi afaik:

Thanks for the advice, but I don't have any problems with WiFi.

Oh, now I get it. Thank you again, but as soon as I solve the problem with GRUB/LUKS (if I do), I will immediately use this great tutorial to make my NVIDIA work: [HowTo] Set up PRIME with NVIDIA proprietary driver. Yesterday, I checked this manual on my laptop and everything worked out without any problems. Thank you very much to the author of this manual.

1 Like

Install it, enabled it and rebooted -- nothing change, the boot time is about ~1 minute.

Anyone?

Or maybe there is some manual how to install Manjaro only with one key slot?

If you have used the default settings in Calamares - your boot partition will be encrypted too.

This is known to make boot take longer.

One way to avoid this is a custom partition layout

  • /boot/efi - 512M - FAT32 -$esp
  • /boot - 512M - ext2/3
  • / use your preferred file system - ext4, btrfs, f2fs (ssd) and select the Encrypted checkbox

Supply passphrase and install


1 Like

Thank you for your reply.
Didn't help. Slow boot and in addition now I am asked for a password twice.


I'll check your links, thanks for that.
If I can't solve this problem, I will return to KDE Neon (probably today).

I don't know why you are asked twice for passphrase.

I have created installations using LUKS and systemd and only one passphrase.

If you use a display manager - you will be prompted for a user passphrase - but you can skip that if the system is a single user system.

The logic is: You already encrypted the device so why bother with a user password.

Afterthought: I wonder why users trying Manjaro are using phrases like - I will probably go back to ...? (edited sentence - to not be misunderstood)

Just speculating - always meant to ask - as I have seen phrases like this many times - and I don't quite understand it.

1 Like

Please check your luks header:

cryptsetup luksDump /dev/[your-luks-device]

How many Iterations does it use? I remember that I reduced it to 300.000 on my laptop to get a reasonable performance during boot:

...
Key Slot 0: ENABLED
	Iterations:         	300000
...
2 Likes

No, its not a user passphrase.

First I see this:

I'm entering the password and after 40 seconds I see this:

I'm entering the password and after 5 seconds I see the Plasma.


I don't want to create a quarrel here, but why Manjaro is presented to the market as a "friendly distribution for beginners"?
I am without a working computer for a few days now and I can't do my work because I am dancing with Manjaro and trying to make it work as I need it. And I need the system to be encrypted. In other distributions it's enough just to check the box, enter the password and everything works as it should. From those links that you left, as well as from other search queries, I realized that a lot of Manjaro users are facing this problem.... I wonder why the developers don't solve this problem.


$ sudo cryptsetup luksDump /dev/nvme0n1p3:

LUKS header information for /dev/nvme0n1p3

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      0b 06 19 5a 40 1c a0 e1 b7 d5 70 76 01 9b 41 51 77 bc 80 44 
MK salt:        ae ae c2 ba 71 97 b5 87 c5 c8 a2 f3 62 64 1f 9b 
                46 d1 79 07 01 34 3c cc 19 07 40 6b 48 3e c9 7c 
MK iterations:  112798
UUID:           25c864c6-5fb9-48fc-a119-6997d9c6f1d9

Key Slot 0: ENABLED
        Iterations:             1814144
        Salt:                   1c e2 72 48 1e 38 15 0b 4a db 1d 9d c5 8b 10 46 
                                c6 95 89 0c 90 40 7e 3a 57 3c c2 f0 2a 5c 4f 5a 
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             1713358
        Salt:                   73 42 d5 d8 5d 07 1e d8 df dc ac 14 37 34 34 52 
                                3b a1 c8 f1 82 a0 9e 30 39 7b 2a 42 ea 6a 54 25 
        Key material offset:    512
        AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Your MK iterations are normal for a fully encrypted Manjaro spin. I'm sure that's the norm set by upstream Arch.

It'll take that long. Mine does the same.

The easiest solution would be to nuke your install, then repartition in the installer where you leave /boot/efi and /boot unencrypted. Then only encrypt your / partion. Obviously, those sectors will be less secure.

Your boot sequence will then be on par with KDE Neon. Ubuntu-based distros must use a smaller hashing iteration, because they all boot pretty quick with full-disk encryption.

As far as changing the iterations ... that link has about 3 different scenarios. I'd also wouldn't mind a sure fire process here from a Manjaro user, just to feel a bit more locked into the process.

GM

mbod,

I know you provided a link, but if you lowered your iterations on Manjaro ... would you be interested on sharing your method?

Thanks,
GM

This is the root cause why it takes so long to unlock your luks volume. 1,8 million iterations is too much for your CPU. Try to reduce that to e.g. 300.000.

2 Likes

Forum kindly sponsored by