No separate /home. Just went for the default encrypted installation procedure provided with Live USB.
Thanks for the clarification, I can’t be of any help anymore. Good luck.
From what I recall about that default encrypted installation procedure
the last time I used it was at least 10 weeks ago
is that this actually encrypts the whole system - it puts it in an luks (version 1) encrypted container
all of it
and Grub then opens/decrypts that - and then the system normally boots.
There is no selective encryption of, say, just /home or other parts - it’s all or nothing.
… so, we where watching a video of a flaw in a system that does not even exist anymore?
and we still have no facts …
good luck, then 
1 Like
I can reproduce that flaw by just installing a fresh encrypted Manjaro as described. Doing a backup before and then a clean install is no problem. If I would still have this system I couldn’t even work with my PC atm. That would be a problem for me.
I can’t provide more as that video and the FACT, that I did a clean install with default options, encrypted. As I’m not able to unencrypt by typing a password I can’t provide the information you requested because I can’t login and use a terminal.
I think I give up and let it be unencrypted by now with just /home encryption by eCryptfs.
Thanks for your time
The output of some commands was requested - so that people could learn about what you are seeing.
Your actual situation vs what you think it is or should be.
Descriptions are vague - we need data.
Which we still don’t have … and we can’t simply look as we are not sitting at the machine.
Maybe we should just return the favor and stay vague also… 
This is reply #26 and STILL nothing but descriptions of the problem, i personally am going to skip this thread
I understand what you mean. But how can I provide output from commands that I actually can’t input into terminal because my system won’t start because I can’t input the password?
If I can do sth. else please tell me. I’m not very familiar with external tools for investigating on this…
Use a Live-ISO to boot from…
@TriMoon @Nachlese
Please don’t get me wrong guys. I really appreciate your help and time.
I will reinstall encrypted and try to get the requested infos by using a Live-ISO…
I suggest you use a removable device/USB to test the encrypted install. This way you don’t have to worry about the running system. With Arch you only need the arch-install-scripts package to start the install from the existing system even, not sure this works for the manjaro installer.
I now installed encrypted on an external HDD (with USB-SATA adapter) and booted from that HDD. Now it behaves like:
- Password prompt comes up
- Prompt disappears after 2-3sec
- Entering password blindly
- Prompt appears again, saying “Attempt to unlock” (or sth. similar)
- Unlock successful
- Grub appears and then proceeds to login screen.
From console on fresh install:
inxi --admin --verbosity=7 ✔
System:
Host: andreas-nuc8i3beh Kernel: 6.1.12-1-MANJARO arch: x86_64 bits: 64
compiler: gcc v: 12.2.1 parameters: BOOT_IMAGE=/boot/vmlinuz-6.1-x86_64
root=UUID=08585b94-b7e6-4a71-a378-d73e96d55c80 rw quiet
cryptdevice=UUID=63d6d699-7948-45a5-bcfd-1337b3558eb9:luks-63d6d699-7948-45a5-bcfd-1337b3558eb9
root=/dev/mapper/luks-63d6d699-7948-45a5-bcfd-1337b3558eb9 splash
resume=/dev/mapper/luks-821f5c9d-58ed-4877-b3ec-867bef4d073a
udev.log_priority=3
Desktop: KDE Plasma v: 5.26.5 tk: Qt v: 5.15.8 wm: kwin_x11 vt: 1 dm: SDDM
Distro: Manjaro Linux base: Arch Linux
Machine:
Type: Mini-pc System: Intel Client Systems product: NUC8i3BEH v: K31299-305
serial: <superuser required> Chassis: Intel Corporation type: 35 v: 2.0
serial: <superuser required>
Mobo: Intel model: NUC8BEB v: J72693-305 serial: <superuser required>
UEFI: Intel v: BECFL357.86A.0090.2022.0916.1942 date: 09/16/2022
Battery:
Message: No system battery data found. Is one present?
Memory:
RAM: total: 7.63 GiB used: 1.14 GiB (14.9%)
RAM Report: permissions: Unable to run dmidecode. Root privileges
required.
CPU:
Info: model: Intel Core i3-8109U bits: 64 type: MT MCP arch: Coffee Lake
gen: core 8 level: v3 note: check built: 2017 process: Intel 14nm family: 6
model-id: 0x8E (142) stepping: 0xA (10) microcode: 0xF0
Topology: cpus: 1x cores: 2 tpc: 2 threads: 4 smt: enabled cache:
L1: 128 KiB desc: d-2x32 KiB; i-2x32 KiB L2: 512 KiB desc: 2x256 KiB
L3: 4 MiB desc: 1x4 MiB
Speed (MHz): avg: 3000 min/max: 400/3600 scaling: driver: intel_pstate
governor: powersave cores: 1: 3000 2: 3000 3: 3000 4: 3000 bogomips: 24008
Flags: 3dnowprefetch abm acpi adx aes aperfmperf apic arat
arch_capabilities arch_perfmon art avx avx2 bmi1 bmi2 bts clflush
clflushopt cmov constant_tsc cpuid cpuid_fault cx16 cx8 de ds_cpl dtes64
dtherm dts epb ept ept_ad erms est f16c flexpriority flush_l1d fma fpu
fsgsbase fxsr ht hwp hwp_act_window hwp_epp hwp_notify ibpb ibrs ida
intel_pt invpcid invpcid_single lahf_lm lm mca mce md_clear mmx monitor
movbe mpx msr mtrr nonstop_tsc nopl nx pae pat pbe pcid pclmulqdq pdcm
pdpe1gb pebs pge pln pni popcnt pse pse36 pti pts rdrand rdseed rdtscp
rep_good sdbg sep smap smep ss ssbd sse sse2 sse4_1 sse4_2 ssse3 stibp
syscall tm tm2 tpr_shadow tsc tsc_adjust tsc_deadline_timer vme vmx vnmi
vpid x2apic xgetbv1 xsave xsavec xsaveopt xsaves xtopology xtpr
Vulnerabilities:
Type: itlb_multihit status: KVM: VMX disabled
Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
vulnerable
Type: mds mitigation: Clear CPU buffers; SMT vulnerable
Type: meltdown mitigation: PTI
Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable
Type: retbleed mitigation: IBRS
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
sanitization
Type: spectre_v2 mitigation: IBRS, IBPB: conditional, RSB filling,
PBRSB-eIBRS: Not affected
Type: srbds mitigation: Microcode
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: Intel CoffeeLake-U GT3e [Iris Plus Graphics 655] driver: i915
v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20 ports:
active: DP-1 empty: DP-2,HDMI-A-1 bus-ID: 00:02.0 chip-ID: 8086:3ea5
class-ID: 0300
Display: x11 server: X.Org v: 21.1.7 compositor: kwin_x11 driver: X:
loaded: modesetting alternate: fbdev,vesa dri: iris gpu: i915 display-ID: :0
screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
s-diag: 582mm (22.93")
Monitor-1: DP-1 model: Fujitsu Siemens B23T-6 LED serial: YV4E028152
built: 2011 res: 1920x1080 hz: 60 dpi: 96 gamma: 1.2
size: 509x286mm (20.04x11.26") diag: 584mm (23") ratio: 16:9 modes:
max: 1920x1080 min: 720x400
API: OpenGL v: 4.6 Mesa 22.3.5 renderer: Mesa Intel Iris Plus Graphics
655 (CFL GT3) direct-render: Yes
Audio:
Device-1: Intel Cannon Point-LP High Definition Audio driver: snd_hda_intel
v: kernel alternate: snd_soc_skl,snd_sof_pci_intel_cnl bus-ID: 00:1f.3
chip-ID: 8086:9dc8 class-ID: 0403
Sound API: ALSA v: k6.1.12-1-MANJARO running: yes
Sound Server-1: JACK v: 1.9.22 running: no
Sound Server-2: PulseAudio v: 16.1 running: yes
Sound Server-3: PipeWire v: 0.3.65 running: no
Network:
Device-1: Intel Cannon Point-LP CNVi [Wireless-AC] driver: iwlwifi v: kernel
bus-ID: 00:14.3 chip-ID: 8086:9df0 class-ID: 0280
IF: wlp0s20f3 state: down mac: 2a:51:e9:45:a1:4f
Device-2: Intel Ethernet I219-V driver: e1000e v: kernel port: N/A
bus-ID: 00:1f.6 chip-ID: 8086:15be class-ID: 0200
IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 1c:69:7a:00:f2:54
IP v4: 192.168.188.22/24 type: dynamic noprefixroute scope: global
broadcast: 192.168.188.255
IP v6: 2001:16b8:31b6:2900:1c6f:7e4f:304c:a610/64
type: dynamic noprefixroute scope: global
IP v6: fe80::66be:4467:667d:851b/64 type: noprefixroute scope: link
WAN IP: 94.134.153.82
Bluetooth:
Device-1: Intel Bluetooth 9460/9560 Jefferson Peak (JfP) type: USB
driver: btusb v: 0.8 bus-ID: 1-10:3 chip-ID: 8087:0aaa class-ID: e001
Report: rfkill ID: hci0 rfk-id: 0 state: up address: see --recommends
Logical:
Message: No logical block device data found.
Device-1: luks-63d6d699-7948-45a5-bcfd-1337b3558eb9 maj-min: 254:0
type: LUKS dm: dm-0 size: 922.41 GiB
Components:
p-1: sdb2 maj-min: 8:18 size: 922.42 GiB
Device-2: luks-821f5c9d-58ed-4877-b3ec-867bef4d073a maj-min: 254:1
type: LUKS dm: dm-1 size: 8.8 GiB
Components:
p-1: sdb3 maj-min: 8:19 size: 8.8 GiB
RAID:
Message: No RAID data found.
Drives:
Local Storage: total: 2.05 TiB used: 7.79 GiB (0.4%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: KIOXIA model: EXCERIA SSD
size: 232.89 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 type: SSD serial: 20LA80HAK4N1 rev: ECFA12.b temp: 28.9 C
scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Crucial model: CT1000MX500SSD1
size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s
type: SSD serial: 2208E60E6073 rev: 043 scheme: GPT
ID-3: /dev/sdb maj-min: 8:16 type: USB vendor: Sabrent model: SABRENT
size: 931.51 GiB block-size: physical: 4096 B logical: 512 B type: N/A
serial: DB9876543214E rev: 0204 scheme: GPT
Message: No optical or floppy data found.
Partition:
ID-1: / raw-size: 922.41 GiB size: 906.86 GiB (98.31%) used: 7.79 GiB (0.9%)
fs: ext4 dev: /dev/dm-0 maj-min: 254:0
mapped: luks-63d6d699-7948-45a5-bcfd-1337b3558eb9 label: N/A
uuid: 08585b94-b7e6-4a71-a378-d73e96d55c80
ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 472 KiB (0.2%) fs: vfat dev: /dev/sdb1 maj-min: 8:17 label: N/A
uuid: BDE4-1702
Swap:
Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 8.8 GiB used: 0 KiB (0.0%) priority: -2
dev: /dev/dm-1 maj-min: 254:1
mapped: luks-821f5c9d-58ed-4877-b3ec-867bef4d073a label: swap
uuid: 85fdb1d9-5446-4e40-a912-4fc89db6c91f
Unmounted:
ID-1: /dev/nvme0n1p1 maj-min: 259:1 size: 300 MiB fs: vfat label: N/A
uuid: 0ACA-8AC8
ID-2: /dev/nvme0n1p2 maj-min: 259:2 size: 223.79 GiB fs: ext4 label: N/A
uuid: b974eff3-1a48-4d18-a435-419d547609e6
ID-3: /dev/nvme0n1p3 maj-min: 259:3 size: 8.8 GiB fs: swap label: swap
uuid: bdd2935f-448d-4529-9119-3c5ec9269dc3
ID-4: /dev/sda2 maj-min: 8:2 size: 234.38 GiB fs: ext4 label: SystemImage
uuid: f6e80c9f-1530-49f5-9167-0a53263ff4d2
USB:
Hub-1: 1-0:1 info: Hi-speed hub with single TT ports: 12 rev: 2.0
speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900
Hub-2: 1-4:2 info: Microchip (formerly SMSC) USB 2.0 Hub ports: 4 rev: 2.0
speed: 480 Mb/s power: 2mA chip-ID: 0424:2514 class-ID: 0900
Device-1: 1-4.1:4 info: Cherry GmbH Keyboard type: Keyboard,HID
driver: hid-generic,usbhid interfaces: 2 rev: 2.0 speed: 1.5 Mb/s
power: 100mA chip-ID: 046a:b090 class-ID: 0300
Device-2: 1-4.2:5 info: Logitech Mouse type: Mouse
driver: hid-generic,usbhid interfaces: 1 rev: 2.0 speed: 1.5 Mb/s
power: 100mA chip-ID: 046d:c077 class-ID: 0301
Device-3: 1-10:3 info: Intel Bluetooth 9460/9560 Jefferson Peak (JfP)
type: Bluetooth driver: btusb interfaces: 2 rev: 2.0 speed: 12 Mb/s
power: 100mA chip-ID: 8087:0aaa class-ID: e001
Hub-3: 2-0:1 info: Super-speed hub ports: 6 rev: 3.1 speed: 10 Gb/s
chip-ID: 1d6b:0003 class-ID: 0900
Device-1: 2-2:2 info: JMicron / USA JMS561U two ports SATA 6Gb/s bridge
type: Mass Storage driver: uas interfaces: 1 rev: 3.0 speed: 5 Gb/s
power: 896mA chip-ID: 152d:1561 class-ID: 0806 serial: DB9876543214E
Sensors:
System Temperatures: cpu: 30.0 C pch: 29.0 C mobo: N/A
Fan Speeds (RPM): N/A
Info:
Processes: 182 Uptime: 8m wakeups: 0 Init: systemd v: 252 default: graphical
tool: systemctl Compilers: gcc: 12.2.1 clang: 15.0.7 Packages: pm: pacman
pkgs: 1046 libs: 308 tools: pamac Shell: Zsh v: 5.9 default: Bash v: 5.1.16
running-in: konsole inxi: 3.3.25
When installed to internal NVME Disk the password prompt appears after Grub.
fstab:
GNU nano 7.2 /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=BDE4-1702 /boot/efi vfat umask=0077 0 2
/dev/mapper/luks-63d6d699-7948-45a5-bcfd-1337b3558eb9 / ext4 defaults,noatime 0 1
/dev/mapper/luks-821f5c9d-58ed-4877-b3ec-867bef4d073a swap swap defaults,noatime 0 0
Somehow it behaves as if the password prompt is a parallel process and on NVME disk is overtaken by Grub
This is probably your original unencrypted grub boots and the passphrase is for the new encrypted root then.
Going back to your initial issue, now the prompt appears for 2-3 seconds, that’s something. You have to keep in mind the grub password prompt does always time out quickly, but of course screen output should stay on. My first try to improve that would be to add the i915 module to the initramfs of the encrypted external install. You know how to do that? You boot the encrypted install, edit its /etc/mkinitcpio.conf and add i915 to the MODULES=() array, then regenerate its initramfs with # mkinitcpio -P. then try again to boot it.
the OP says it was like that always, it appears for 3 seconds…
I can try, but as @varikonniemi says, I always had a timeout of about 2-3secs until the password prompt disappears. What exactly is that i915 module doing?
I found out that googling is actually something everybody can do 
. Should be an Intel graphics driver module.
LMGTFY
Simply put there have been no hardware changes that force forking the driver since the i915.
All i915 and later Intel GPUs use this driver because of that. That is not to say that the driver doesn’t alter it’s behavior to take advantage of the newer chips, just that it’s using the same core algorithms, particularly for things like memory allocation.
I read your reply two days ago as if points:
are new compared to your original posting. That’s why I thought it makes sense to try get it to stop the screen blanking. It’s actually unlikely the i915 is not included in the initramfs already (got it in your inxi output), but the idea was to ensure it is. Probably something related (kms) leads to the screen blanking.
If the blanking is not the primary problem but the short time-out (I don’t know how to prolong it), this effort is futile.
Now I had time to try it. Including the i915 module doesn’t change anything at all. As you expected. But now we’re sure it’s in initramfs.
Still timing out after about 3 seconds. Entering the password while the black screen is present still works.
There is some other, previous, remnant, whatever … issue going on.
I have said it before - and will say it again:
with full disk encryption, as done with the Manjaro Calamares installer
there will be a prompt for a password
to decrypt the encrypted volume.
There will only be ONE try - before it goes to grub rescue when the pass phrase was incorrect
… power down to try again …
only one!
The prompt for the password will just keep sitting there, indefinitely.
Waiting for (correct) input.
no timeout!
none!
never!
the boot will continue if the correct pass phrase is given
the boot will end up in Grub rescue if it was incorrect.
There is no time out.
… there just isn’t
No way - there is no timeout for Grub to wait until you entered … anything … before it starts trying to decrypt the encrypted container.
Your issues are because of something else, something remnant, something that went before - and which is still getting in your way,
I think you are on a wild goose chase - go back to basics.
I finally solved the problem by coincidence:
I have setup a second machine running debian terminal only, connected to a KVM switch. The same behaviour as with the passphrase timeout occured on terminal login. Strange.
From early homeoffice days I had an additional VGA cable connected to my monitor. Just laying around in the conduit, not connected to a signal source. The monitor simply switched the input channel to VGA (where floating signals may occur?) and didn’t notify with a message e.g. on screen. After removing the cable no switch events occur and I’m finally able to enter my password.
No timeout! None! Never!
2 Likes
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.