New Manjaro install blocked by master key decryption issue

I have a brand new Acer Spin 5 laptop - 16GB RAM, 512GB SSD. I installed Manjaro only, wiping out the default Win10 OS. First, I turned off Secure Boot, switched SATA mode to AHCI (the SSD drive could not be seen if this was not done, & disabled fast boot.

I did manual partitioning:

  • 212 MB /boot/efi - formatted FAT32, “boot” flag set
  • 16 GB swap [encrypted]
  • 50 GB / [encrypted] - ext4
  • ~300GB /home [encrypted] - ext4

The install finished without a hitch.

When I try to boot into it I get this:

I cannot get past this. I have tried my Manjaro account password (which should not work, but I was desperate), and the password I used to encrypt each of the 3 encrypted partitions - the same one in each case. Nothing works. I use.d no other passwords in the installation

I have no idea what to do with “grub rescue” and didn’t find an easy answer when I searched (although it must be out there somewhere!).

I would just reinstall and try no-encryption, but now I cannot get the machine to boot from my USB optical drive containing the ISO. The only options offered me on either F12 or when accessing BIOS is to boot from “Manjaro” or my SDD drive. Selecting either one just gets me back to the master key problem.

I’m definitely in over my head here. Any suggestions? Not being able to get to my optical drive is BAD.

Did you use any special characters from a non US keyboard?

1 Like

regarding the boot issue I like to point to this tread on the Acer forum.

  • No. Just the standard American English keyboard.
  • Unfortunately that thread is no help. The person there got himself into trouble and didn’t appear to get out.

UPDATE: I have a working, accessible install now. It’s running the initial post-install updates.

The solution to the problem above (no response to input), at least for the moment, was to input once the password used for encryption of each of the 3 encrypted volumes, then just wait. It takes about a minute to response, then a normal bootup goes forward.

The ACER name appears onscreen, which is normal, then the request for the decryption password appears in small letters in the upper left corner of the screen.

Is this text position, and the response delay normal?

I see - I didn’t realize you had three separate encrypted partitions and thus needed to unlock all three.

Yes the delay is around 30-60 seconds depending on a lot of factors - most notably the round trip value use at initialization.

Encrypted systems is always a trade-off on the how secure the system is vs. usablity.

My personal recommendation for an encrypted system with no dual boot is a manual installation choosing systemd as bootloader and no swap partition but a swap file. Also to disable sleep and hibernate functionality - either on or off.

The reason a default install is taking so long to decrypt is due to grub not supporting LUKS2 and the fact the /boot is inside the encrypted root.

It is possible to shorten the decryption time still using GRUB but that requires a separate unencrypted partition mounted at /boot.

Thanks! That’s a helpful and very interesting response. I will return tomorrow to study it and see if I can use some or all of it. Much appreciated.

I have written a lot of documentation on how I have done different installs. Some of them has been transferred from the archive - others remain.

After the earlier accident with the forum - I have begun storing the documents on a web server - later putting them on the forum. Feel free to take a look around at

Just ensure quote tags on separate lines - answer in new line.

I will…

Re: that and your help re: my quotes tags problem - thanks! This has been a very educational evening!