How do get graceful retry for bad/wrong password entry at disk decryption during boot?

qsu · 5 October 2021 00:40

tl;dr anyone know how (both before and after install) one can setup more graceful retry (rather than falling into grub rescue when password is mistyped?

As reported here I frequently run into the following grub flow whenever I mistype my password:

Attempting to decrypt master key...
Enter passphrase for hd2,gpt2(...long-hex-string...):
error: access denied.
error: no such cryptodisk found.
error: disk 'cryptouuid/...long-hex-string...' not found.
Entering rescue mode...
grub rescue>

However, Manjaro’s the first place I’ve seen this happen. All other distros I’ve installed (entirely via GUI - not doing anything too “advanced” I don’t think - just always choosing encryption of my full disk): I encounter some sort of UX that allows me to try again rather than dropping me to a grub rescue> prompt. Is there a way to get this (nicer “retry UX”) behavior with Manjaro? I’m interested in both after-the-fact (I’ve already installed, now how do I get said behavior) and before-hand (I’m about to install, what do I do in the installation UI to ensure I’ll be configured with said retry behavior).

qsu · 5 October 2021 00:44

Also, I’d be happy to hear that others do not get this behavior for their disk-encrypted installs, in which case this means I just clicked the wrong thing at some point during my install (which at least gives me a lead)

winnie · 5 October 2021 03:13

With these other distros, did they create a separate /boot partition? or was the only thing non-encrypted your EFI system partition?

The prompt you’re seeing (to input your LUKS passphrase) is a rudimentary method from the EFI executable itself.

The former method of using full-disk encryption would leave a small separate non-encrypted /boot/ partition where the kernel and initramfs would live, which would be used to prompt for your LUKS passphrase to later unlock the root partition. (Failed passphrases would re-prompt you a few more times before aborting.)

A workaround for the moment, provided by the Arch Wiki:

I haven’t tried this yet myself, and I’m not sure if it works for all distros or versions of LUKS.

Fabby · 7 October 2021 13:52

Please read this:

Furthermore, I’ve marked this answer as the solution to your question as it is by far the best answer you’ll get.

However, if you disagree with my choice, please feel free to take any other answer as the solution to your question or even remove the solution altogether: You are in control! (If you disagree with my choice, just send me a personal message and explain why I shouldn’t have done this or or if you agree)

P.S. In the future, please don’t forget to come back to your question after your issue has been solved and click the 3 dots below the answer to mark a solution like this below the answer that helped you most:

so that the next person that has the exact same problem you just had will benefit from your post as well as your question will now be in the “solved” status.

system · 10 October 2021 03:53

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.