after today’s update, I can’t boot my Thinkpad. The update notes said:
You need to re-install grub on your system to complete the security fix
I assumed that I was supposed to re-install grub after a reboot with the new kernel and packages. I guess I was wrong…?
My Manjaro installation uses full disk encryption. After entering my passphrase, the machine attempts to decrypt for a while as usual, but then drops me into grub rescue. The error messages are:
error: access denied.
error: no such cryptodisk found
error: disk ‘cryptouuid/[string]’ not found
Entering rescue mode…
I already tried chrooting into my installation and reinstalling grubs following this guide from the old forum,, but didn’t deal with / understand how to deal with LVM, which is probably the reason my repair attempt wasn’t succesful?
Anyways, I’d be thankful for your help. Alternatively, I could just re-install I supposed? I’d quite like to repair my current installation, though.
grub install should only be performed when you know what you do. Especially when LUKS or any encryption is involved. Even on Ubuntu they don’t force grub to be installed automatically, as they had too many reports of broken systems. Sure the issue is given, but you need local access to the machine to perform it. To fully fix it, even the vendors have to ship new bios updates and such.
So if we know more about your partition-table we may be able to help you.
I have similar issue but I don’t even get the grub rescue prompt, just a blank screen. So there’s no way to fix, we just have to accept that full reinstall will be necessary when Manjaro updates?
With today’s stable update we also released new install medias:
They may give a good base-line to try. Having your filesystems encrypted is always a trouble when updating the bootloader. You really have to know what you’re doing. All the install guidelines are more or less written without LUKS and LVM in mind.
So each bootloader issue might be different here. That is one reason that we don’t do it automatically.
So if I understand you correctly, my mistake was assuming that if the update notes mention
You need to re-install grub on your system to complete the security fix
that means I actually should re-install grub to complete the security fix. Okay.
Anyways, I only tried re-installing grub after my system was unable to boot in the first place with the error messages mentioned above. I’ll try to update this topic with my partition-table.
To complete the security fix a reinstall of grub is needed. However, most of our installations are not encrypted. The basic commands listed in most of the wiki posts are for regular installations.
So to understand more, we need to know:
which release was used to install Manjaro?
which installer was used? Calamares or Architect?
what install mode was chosen?
how does your partition table looks like?
We have to write that the fix is only completed by re-install of grub, but we can’t detect what steps are needed to be done on your install, when not knowing the details.
If encrypted root is not really supported and can be expected to break whenever there is an update, maybe there should be a warning in the installer about this? The one-click-to-encrypt feature of the installer was a major reason why I chose Manjaro over Ubuntu.
I understand that using encryption complicates things, but this is a ultra-portable notebook containing sensitive data. I have to use it in environments where it could conceivably be stolen. Would you suggest just encrypting /home for that use case?
Anyways, to the best of my ability:
I installed from Lysia 20.0.3, uname -r says 5.6.15-1-MANJARO
I used Calamares
I installed using “Erase disk” mode, created a swap with hibernation and chose to encrypt the system
Hopefully, as far as partition tables go, this is what you meant?
I believe with Manjaro’s setup, grub uses en_us by default at that stage of the decryption process? While there are special characters, I set the password with en_us in mind.
Aaaand I’m back in my system. You were right, it actually was an issue related to the keyboard layout. Mostly, it was an issue related to me being an idiot. On the upside, I ended up successfully re-installing grub anyways, so the security issue should hopefully be fixed.
Thank you, your reply really gave me the right idea!
Maybe post your solution here @Florian so others with similar issue might find a little guideline to fix also their boot problem. I’m glad you managed to fix the issue on your own.
I’d have posted the solution to avoid certain problems, but as I said, the solution mostly involves me being an idiot and Manjaro being too damn stable.
See, the truth is, I just had no reason to reboot for a long while. So when I finally did reboot (because of today’s update), I had forgotten that I used a password that requires me to enter two characters with en_us mapping instead of de_de. I thought I had entered it using en_us during the setup process, but apparently I decided to add a layer of confusion for myself.
So, as I said, as much as I’d love to offer a solution that might be helpful for a future reader, I can only offer the following:
Reboot Manjaro from time to time even if it’s super stable, just so you don’t forget how to do it and
ask yourself “Am I being an idiot right now” a bit longer before starting a thread at the forums that implies a non-existing problem.
Hey Phil (or others,) the encryption chrooting process is fairly straightforward and the default Calamares encryption option hasn’t included LVM in the past. I also have an encrypted swap partition (again, created by default) – can that be ignored when mounting items to simply reinstall grub? (It’s been a while since Eugen’s guide was made.) Are all of the items in /etc/default/grub preserved during the reinstallation of grub or will this file need to be restored from a backup?
@Florian – it looks like “sda3” in your case is also an encrypted swap partition. Did you do anything with regards to this item?
Alright guys, I went through the process again, after “re-installing” grub, /etc/default/grub didn’t seem to be affected but…this may be a dumb question – how do we know we’re probably updated?
If you need to reinstall grub on an encrypted system, you might want to try to the system rescue function of manjaro-architect. It should set your grub configuration correct for the encrypted system.
That said, the right grub configuration should have already been in place if you are reinstalling grub…
