unix stackexchange com/q/657663/29 you can get the bounty if you want. it’s not allowing links in my posts, so, you’ll have to enter it, and view it for other links
I broke my luks installation, I can get into it, but I have to decrypt and mount manually through the rescue shell after grub boots (and then systemd needs the password again). Below is just a copy of what’s in the SE Post.
So I’ve read the arch wiki and I’m still a bit overwhelmed. In the wiki it feels like a lot of these are optional.
Here’s what I did. I used Manjaro to install into a single partition, which I may be regretting, and I enabled full disk encryption. What I observe when booting, to either windows or Linux, is I’m prompted for a password, and then I see the actual grub menu.
I’m not then certain which options will work. I think that LVM is enabled, but not 100% and I’m sure I selected ext4. I looked at modifying the grub.conf generation scripts, but I’m not sure where, nor am I sure if that’s the right place.
What’s the right answer for adding
no_write_workqueue on Manjaro?
here’s what my most current configuration is, but I keep getting dropped into a rescue shell. I’m trying to used the systemd cryptsetup to do all the things, which seems to suggest that I use
note: the name
root is coming from my manual mounting in the rescue shell.
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS MOUNTPOINT UUID loop0 7:0 0 450.2M 1 loop /var/lib/snapd/snap/wickrme/543 /var/lib/snapd/snap/wickrme/543 loop1 7:1 0 55.4M 1 loop /var/lib/snapd/snap/core18/2074 /var/lib/snapd/snap/core18/2074 loop2 7:2 0 65.1M 1 loop /var/lib/snapd/snap/gtk-common-themes/1515 /var/lib/snapd/snap/gtk-common-themes/1515 loop3 7:3 0 32.3M 1 loop /var/lib/snapd/snap/snapd/12398 /var/lib/snapd/snap/snapd/12398 zram0 253:0 0 1.5G 0 disk [SWAP] [SWAP] nvme0n1 259:0 0 953.9G 0 disk ├─nvme0n1p1 259:1 0 100M 0 part /boot/efi /boot/efi 6CEB-F417 ├─nvme0n1p2 259:2 0 16M 0 part ├─nvme0n1p3 259:3 0 780.6G 0 part ├─nvme0n1p4 259:4 0 508M 0 part CA343C30343C223D ├─nvme0n1p5 259:5 0 146.5G 0 part 74c51543-eb14-4f61-afeb-b5de6c10a32a │ └─root 254:0 0 146.5G 0 crypt / / e0a93c98-88a8-4fc9-9948-acdb423d05fd └─nvme0n1p6 259:6 0 18.6G 0 part [SWAP] [SWAP] 72db96da-87e4-4b17-a622-6a4d56b314c6
4 ❯ cryptsetup luksDump /dev/nvme0n1p5 # ~ LUKS header information for /dev/nvme0n1p5 Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec: sha256 Payload offset: 4096 MK bits: 512 UUID: 74c51543-eb14-4f61-afeb-b5de6c10a32a
❯ cat /etc/default/grub | grep -v -e '^[[:space:]]*$' -e '^#' # ~ GRUB_DEFAULT=saved GRUB_TIMEOUT=5 GRUB_TIMEOUT_STYLE=hidden GRUB_DISTRIBUTOR="Manjaro" GRUB_CMDLINE_LINUX_DEFAULT="quiet luks.uuid=74c51543-eb14-4f61-afeb-b5de6c10a32a luks.options=discard,no_read_workqueue,no_write_workqueue root=/dev/mapper/luks-e0a93c98-88a8-4fc9-9948-acdb423d05fd splash apparmor=1 security=apparmor udev.log_priority=3" GRUB_CMDLINE_LINUX="" GRUB_SAVEDEFAULT=true GRUB_PRELOAD_MODULES="part_gpt part_msdos" GRUB_TERMINAL_INPUT=console GRUB_GFXMODE=1280x768x32,auto GRUB_DISABLE_RECOVERY=false GRUB_DISABLE_OS_PROBER=false GRUB_COLOR_NORMAL="light-gray/black" GRUB_COLOR_HIGHLIGHT="green/black" GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt" GRUB_ROOT_FS_RO=true GRUB_ENABLE_CRYPTODISK=y
from what I understand
systemd-cryptsetup-generator shouldn’t need more options, I do have an
/etc/crypttab but everything is commented out.
I’m fairly confident that
GRUB_CMDLINE_LINUX_DEFAULT is my only problem, I’m not certain what it should be though. google isn’t finding me a lot of (read no) examples of how to do this with the output of
END SE Content
/etc/cyrpttab because I was smart enough to make a backup
# /etc/crypttab: mappings for encrypted partitions. # # Each mapped device will be created in /dev/mapper, so your /etc/fstab # should use the /dev/mapper/<name> paths for encrypted devices. # # See crypttab(5) for the supported syntax. # # NOTE: Do not list your root (/) partition here, it must be set up # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies # to encrypted swap, which should be set up with mkinitcpio-openswap # for resume support. # # <name> <device> <password> <options> #luks-74c51543-eb14-4f61-afeb-b5de6c10a32a UUID=74c51543-eb14-4f61-afeb-b5de6c10a32a /crypto_keyfile.bin luks,allow-discards,no_read_workqueue,no_write_workqueue