Latest Manjaro ISO asks for password for swap

The system is bootable and hibernate works; however, there is an additional request for the password for the swap partition after the openswap event.

Clean install with erase disk. Swap with hibernate in a separate partition, root btrfs, both encrypted.
I tried manual partitioning and the one provided by the installer; same result, the only difference being the UUIDs.

When I open them from another drive, both root and swap are LUKS and can be opened using the same password.

I tried explicitly adding the key with cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin, which changes nothing.

crypttab

luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 UUID=891a33ff-014e-4bf5-8280-e18b4ad5ec91     /crypto_keyfile.bin luks
luks-45b01f03-eb46-4db2-abc4-84c0077def75 UUID=45b01f03-eb46-4db2-abc4-84c0077def75     /crypto_keyfile.bin luks

fstab

UUID=23B9-F323                            /boot/efi      vfat    defaults,umask=0077 0 2 
/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 /              btrfs   subvol=/@,defaults,compress=zstd:1 0 0 
/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 /home          btrfs   subvol=/@home,defaults,compress=zstd:1 0 0
/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 /var/cache     btrfs   subvol=/@cache,defaults,compress=zstd:1 0 0 
/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 /var/log       btrfs   subvol=/@log,defaults,compress=zstd:1 0 0
/dev/mapper/luks-45b01f03-eb46-4db2-abc4-84c0077def75 swap           swap    defaults   0 0
tmpfs                                     /tmp           tmpfs   defaults,noatime,mode=1777 0 0

mkinitcpio

BINARIES=()
FILES=(/crypto_keyfile.bin)
HOOKS=(base udev autodetect microcode kms modconf block keyboard keymap consolefont encrypt openswap resume filesystems)

grub

GRUB_CMDLINE_LINUX_DEFAULT='cryptdevice=UUID=891a33ff-014e-4bf5-8280-e18b4ad5ec91:luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 root=/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 resume=/dev/mapper/luks-45b01f03-eb46-4db2-abc4-84c0077def75 udev.log_priority=3'

I don’t know why - I will, of course, try to verify this; I have a laptop for this specific purpose - the first thing that comes to mind is a change in mkinitcpio-openswap.

If you look at the /etc/openswap.conf there is a warning - it is not an old warning - I don’t know when it appeared.

I do suspect that due to this uncertainty around file system integrity there may have been a change somewhere - but I have no clue.

I do know how you can work around though - if interested.

UPDATE:

To be able to input the password for the second disk you will have to press Esc when the plymouth splash screen starts or disable plymouth by editing the cmdline in grub (remove splash and quiet).

As I suspected, it is a change in /etc/openswap.conf, which defaults to unlock_method=password.

To solve your immediate issue - I understand that you can load your system - entering the passphrase twice - is that correct?

If yes - when the system has loaded - edit the file /etc/openswap.conf; buried in between the unlock_method comment and the warning comment is the property that causes your issue:

## unlock_method can be either password, keyfile or keyfile_raw
## keyfile will use the keyfile_device and keyfile_filename to unlock the swap
## keyfile_raw will use the keyfile_device and keyfile_block_number to unlock the swap
## password will prompt for the password to unlock the swap
## if unlock_method is not set, then method is keyfile if keyfile_device and keyfile_filename are set
## otherwise it is password
unlock_method="password"
####### WARNING: There is a risk of data loss when using unlock_method="keyfile"
## You should double-check keyfile_device_mount_options,
## and note that this method is potentially dangerous regardless.
## https://docs.kernel.org/power/swsusp.html
## https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption#busybox-based_initramfs

Edit the line reading unlock_method="password" to read unlock_method="keyfile", then save the file and rebuild your init.

Be aware that a warning is now present - about the potential disaster - that may come from using keyfile unlocking:

  -> Running build hook: [openswap]
==> WARNING: you are using potentially dangerous unlock_method keyfile, please make sure you know what you are doing
==> WARNING: https://docs.kernel.org/power/swsusp.html
==> WARNING: https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption#busybox-based_initramfs
mkinitcpio -P
update-grub

I have been aware of the change for some time - I don’t remember any internal discussion.

I thought this was handled by the Calamares framework; if true, it is an upstream issue that needs to be addressed, but it is also possible that it is Manjaro-specific module code that handles it - but I don’t know for sure.

I will dig into the matter though.

Ok, thanks! Looks like I’ve found one more solution. I managed to switch from udev to systemd and everything works ok.
I changed these things

FILES=(/crypto_keyfile.bin /etc/crypttab.initramfs)
HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck)

copied crypttab to crypttab.initramfs

removed cryptdevice=UUID... from grub

GRUB_CMDLINE_LINUX_DEFAULT='root=/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 resume=/dev/mapper/luks-45b01f03-eb46-4db2-abc4-84c0077def75'

With the changes provided above, I fixed the second password request, plus hibernate is working.

To me it looks like the sequence udev encrypt openswap got somehow broken. It worked for ages, but somehow stopped working in the latest ISO.

I’m not sure if it is relevant, but there are two disks in my machine, and one of them is an external USB NVMe drive, which I use to try all major releases.
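
A consistency check for the sd-encrypt layout described in the post above, as an added example that is not part of the original thread: it confirms that every keyfile named in crypttab.initramfs is embedded through FILES=() and that every root=/resume= mapper name has a crypttab entry. The function names and finding labels are hypothetical, and the demo input is constructed from the thread's UUIDs with the swap line and keyfile deliberately left out.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and finding labels are hypothetical.

# Print the entries of FILES=(...) from a mkinitcpio.conf, one per line.
initramfs_files() {
    sed -n 's/^FILES=(\(.*\)).*/\1/p' "$1" | tr -s ' \t' '\n' | sed '/^$/d'
}

# usage: check_unlock CRYPTTAB MKINITCPIO_CONF "KERNEL CMDLINE"
# Prints one finding per line; no output means the three inputs agree.
check_unlock() {
    crypttab=$1 conf=$2 cmdline=$3
    files=$(initramfs_files "$conf")
    names=$(awk 'NF && $1 !~ /^#/ {print $1}' "$crypttab")
    # Every keyfile named in the crypttab must be embedded through FILES=().
    awk 'NF >= 3 && $1 !~ /^#/ && $3 != "none" && $3 != "-" {print $1, $3}' "$crypttab" |
    while read -r name key; do
        printf '%s\n' "$files" | grep -qxF -- "$key" ||
            echo "KEYFILE_NOT_IN_FILES $name $key"
    done
    # root= and resume= mapper names must be opened by a crypttab entry.
    for arg in $cmdline; do
        case $arg in
            root=/dev/mapper/*|resume=/dev/mapper/*)
                map=${arg#*=/dev/mapper/}
                printf '%s\n' "$names" | grep -qxF -- "$map" ||
                    echo "NOT_IN_CRYPTTAB ${arg%%=*} $map" ;;
            cryptdevice=*)  # parsed by the encrypt hook, not by sd-encrypt
                echo "LEGACY_PARAM cryptdevice" ;;
        esac
    done
    return 0
}

# Constructed sample: the thread's values with the swap entry and keyfile omitted.
demo() {
    d=$(mktemp -d)
    echo 'luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 UUID=891a33ff-014e-4bf5-8280-e18b4ad5ec91 /crypto_keyfile.bin luks' > "$d/crypttab.initramfs"
    echo 'FILES=(/etc/crypttab.initramfs)' > "$d/mkinitcpio.conf"
    check_unlock "$d/crypttab.initramfs" "$d/mkinitcpio.conf" \
        'root=/dev/mapper/luks-891a33ff-014e-4bf5-8280-e18b4ad5ec91 resume=/dev/mapper/luks-45b01f03-eb46-4db2-abc4-84c0077def75'
    rm -rf "$d"
}

case ${1:-} in demo) demo ;; esac
```

Run it against copies of /etc/crypttab.initramfs and /etc/mkinitcpio.conf with the contents of /proc/cmdline as the third argument; since the keyfile ends up inside the initramfs image, also confirm the images under /boot are not world-readable.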
