How do get graceful retry for bad/wrong password entry at disk decryption during boot?

Support
1

tl;dr anyone know how (both before and after install) one can setup more graceful retry (rather than falling into grub rescue when password is mistyped?

As reported here I frequently run into the following grub flow whenever I mistype my password:

Attempting to decrypt master key...
Enter passphrase for hd2,gpt2(...long-hex-string...):
error: access denied.
error: no such cryptodisk found.
error: disk 'cryptouuid/...long-hex-string...' not found.
Entering rescue mode...
grub rescue>

However, Manjaroā€™s the first place Iā€™ve seen this happen. All other distros Iā€™ve installed (entirely via GUI - not doing anything too ā€œadvancedā€ I donā€™t think - just always choosing encryption of my full disk): I encounter some sort of UX that allows me to try again rather than dropping me to a grub rescue> prompt. Is there a way to get this (nicer ā€œretry UXā€) behavior with Manjaro? Iā€™m interested in both after-the-fact (Iā€™ve already installed, now how do I get said behavior) and before-hand (Iā€™m about to install, what do I do in the installation UI to ensure Iā€™ll be configured with said retry behavior).

2 Likes
3

Also, Iā€™d be happy to hear that others do not get this behavior for their disk-encrypted installs, in which case this means I just clicked the wrong thing at some point during my install :slight_smile: (which at least gives me a lead)

4

With these other distros, did they create a separate /boot partition? or was the only thing non-encrypted your EFI system partition?

The prompt youā€™re seeing (to input your LUKS passphrase) is a rudimentary method from the EFI executable itself.

The former method of using full-disk encryption would leave a small separate non-encrypted /boot/ partition where the kernel and initramfs would live, which would be used to prompt for your LUKS passphrase to later unlock the root partition. (Failed passphrases would re-prompt you a few more times before aborting.)

A workaround for the moment, provided by the Arch Wiki:

I havenā€™t tried this yet myself, and Iā€™m not sure if it works for all distros or versions of LUKS.

4 Likes
5

Please read this:

Furthermore, Iā€™ve marked this answer as the solution to your question as it is by far the best answer youā€™ll get.

However, if you disagree with my choice, please feel free to take any other answer as the solution to your question or even remove the solution altogether: You are in control! (If you disagree with my choice, just send me a personal message and explain why I shouldnā€™t have done this or :heart: or :+1: if you agree)

:innocent:
P.S. In the future, please donā€™t forget to come back to your question after your issue has been solved and click the 3 dots below the answer to mark a solution like this below the answer that helped you most:
Solution
so that the next person that has the exact same problem you just had will benefit from your post as well as your question will now be in the ā€œsolvedā€ status.

6

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.