[root tip] [How To] Validate your swap configuration (btrfs - luks encrypted)

When you choose to install Manjaro with below option you may be greeted with a boot error failed to open keyfile and hibernation device not found.

  • btrfs filesystem
  • with full disk encryption
  • enable swap
  • enable hibernation (this part requires special attention)

The issue is due a missing configuration in the /etc/openswap.conf and has been troubleshooted in Calamares Github repo with EndevourOS developer @killajoe to nail it.

openswap provides early access to the configured swap thus facilitating resume from a hibernated state.

The file has 4 parts all populated with example values - and thus needs to be setup properly for your system.

The needed values can be retrieved using this command

lsblk -a

The following example is taken from my laptop using a default Manjaro install selecting btrfs, swap and hibernation.

NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1                                       259:0    0 465,8G  0 disk  
├─nvme0n1p1                                   259:1    0   300M  0 part  /boot/efi
├─nvme0n1p2                                   259:2    0 456,7G  0 part  
│ └─luks-38e022f5-df0d-4a9a-b63c-0b606bd8650f 254:0    0 456,7G  0 crypt /var/cache
│                                                                        /var/log
│                                                                        /home
│                                                                        /
└─nvme0n1p3                                   259:3    0   8,8G  0 part  
  └─luks-0bed12b5-f37f-432a-ac2c-ad2f216ecdca 254:1    0   8,8G  0 crypt [SWAP]

:information_source: Quite obviously you need to replace the example values with actual values from your system.

1. swap device identification

default entries

## cryptsetup open $swap_device $crypt_swap_name
## get uuid using e.g. lsblk -f

modifed entries

Using the output we modify the default to contain the value for the swap partition placing the UUID part in swap_device line


And the name luks-UUID as the crypt_swap_name


2. keyfile location

default entries

## one can optionally provide a keyfile device and path on this device
## to the keyfile

modified entries

Then we modify the keyfile deivce options - setting the device identifier - this time it is the luks partition containing the root


and a pointer to the file - usually in the system root


3. keyfile device mount options

default entries

## additional arguments are given to mount for keyfile_device
## has to start with --options (if so desired)

modified entry

This part is crucial for the system to be able to mount the device containing the keyfile


4. luks options for swap device

default entries

## additional arguments are given to cryptsetup
## --allow-discards options is desired in case swap is on SSD partition
cryptsetup_options="--type luks"

modified entry (optional)

This part requires minimal attention - you could do as suggested and add the discards

cryptsetup_options="--type luks --allow-discards"

Then run

sudo mkinitcpio -P

And you are done.


A post was split to a new topic: I forgot to set up the swap encryption and I’m trying to set it up now