Can't boot encrypted Manjaro after installing Windows 10.

The link "making grub-mkrescue" is to make the iso file.
To make the bootable usb, I normally use dd

sudo dd bs=4M if=anyname.iso of=/dev/sdd

ps: as usual, careful that you choose of=/dev/sdx carefully and 'x' and not 'xy'
and 'if=anyname.iso' is the path to the made iso file.
So from root, it may be "of=/home/<manjarouser>/anyname.iso"
Remember 'dd' is not called 'disk destroyer' for nothing.
But if in doubt, use a safer burning tool like k3b (kde) or brasero (gnome) or any other disk burner that comes with your DE.

Long ago, I burn to a cdrom or dvd, remember it takes less than 50 MB; but now I don't do this anymore but I don't have encryption (and I have another way for my many OS's and too complicated for just a few OS's).

As for the UUID, if you boot up from Manjaro's grub without any error message, that should be fine and usable for this grub-rescue cd. But print out in full this error message if you get it from the grub boot. I cannot see this message

If unsure, provide
sudo blkid
cat /etc/crypttab
cat /etc/fstab {if changed}

Oh... your fstab... not a good thing to have 'discard'
Make that

# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
/dev/mapper/luks-b98b7c10-be38-4ad2-9386-db4c85e08436 /home          ext4    defaults,noatime 0 2
UUID=D21E-4DD9                            /boot/efi      vfat    defaults,noatime 0 0
/dev/mapper/luks-17a2a4d7-50ad-464a-a5ac-b296631a8dae /              ext4    defaults,noatime 0 1
/dev/mapper/luks-26c904e6-54b6-48bc-afe4-f11ae1e50291 swap           swap    defaults,noatime 0 2
# tmpfs


Note I removed 'discard' in all entries
I change /boot/efi pass from 0 2 to 0 0
and commented out tmpfs

Do again 'sudo update-grub' and see if error message is still there. I think your UUID is alright but without your /etc/crypttab and blkid, I'm not too sure. Just thinking that that should be correct somehow.

Good luck.

sudo blkid
/dev/nvme0n1p1: UUID="4aee0162-caa8-4ba8-90e7-422f514bebd7" TYPE="crypto_LUKS" PARTUUID="1d758fc9-854b-574a-8f40-b94fc5e78903"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/sda1: UUID="71a824ab-0637-4256-ae13-05837370b207" TYPE="crypto_LUKS" PARTUUID="000ea751-01"
/dev/sdb1: UUID="b98b7c10-be38-4ad2-9386-db4c85e08436" TYPE="crypto_LUKS" PARTUUID="3a8aa0af-ecc6-4067-8710-331b899f7487"
/dev/sdc1: UUID="2019-03-12-09-01-11-00" LABEL="M1804" TYPE="iso9660"
/dev/sdc2: SEC_TYPE="msdos" LABEL_FATBOOT="MISO_EFI" LABEL="MISO_EFI" UUID="BB93-7505" TYPE="vfat"
/dev/sde1: UUID="ce3460e9-3be5-4d70-8f41-1c897bc8d53c" TYPE="crypto_LUKS" PARTUUID="9a2e14e1-452b-468c-920a-0118db0a4a48"
/dev/sdf2: UUID="AE2405DD2405A983" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="13aa7681-f160-42f9-8456-9b2bfb2beb84"
/dev/sdg1: UUID="D21E-4DD9" TYPE="vfat" PARTUUID="b00c57c5-828c-4f75-aa6d-82a51ebde768"
/dev/sdg2: UUID="17a2a4d7-50ad-464a-a5ac-b296631a8dae" TYPE="crypto_LUKS" PARTUUID="ee7d1d95-ab33-41f4-8eb6-be49b48bfddc"
/dev/sdg3: UUID="26c904e6-54b6-48bc-afe4-f11ae1e50291" TYPE="crypto_LUKS" PARTUUID="cdd81626-86e3-4148-ba96-ea2c68df5ce1"
/dev/mapper/crypto_LUKS: UUID="ee80d713-9c90-4a29-94ca-64f1766ac102" TYPE="ext4"
/dev/sdf1: PARTLABEL="Microsoft reserved partition" PARTUUID="9d51f56e-ae03-4200-90bd-2362e69ac4e9"
cat /etc/crypttab
# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
luks-b98b7c10-be38-4ad2-9386-db4c85e08436 UUID=b98b7c10-be38-4ad2-9386-db4c85e08436     /crypto_keyfile.bin luks
luks-17a2a4d7-50ad-464a-a5ac-b296631a8dae UUID=17a2a4d7-50ad-464a-a5ac-b296631a8dae     /crypto_keyfile.bin luks
luks-26c904e6-54b6-48bc-afe4-f11ae1e50291 UUID=26c904e6-54b6-48bc-afe4-f11ae1e50291     /crypto_keyfile.bin luks

I made the changes you said for /etc/fstab.

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
/dev/mapper/luks-b98b7c10-be38-4ad2-9386-db4c85e08436 /home          ext4    defaults,noatime 0 2
UUID=D21E-4DD9                            /boot/efi      vfat    defaults,noatime 0 0
/dev/mapper/luks-17a2a4d7-50ad-464a-a5ac-b296631a8dae /              ext4    defaults,noatime 0 1
/dev/mapper/luks-26c904e6-54b6-48bc-afe4-f11ae1e50291 swap           swap    defaults,noatime 0 2
# tmpfs
sudo update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.19-x86_64
Found initrd image: /boot/amd-ucode.img /boot/initramfs-4.19-x86_64.img
Found initrd fallback image: /boot/initramfs-4.19-x86_64-fallback.img
grub-probe: error: cannot find a GRUB drive for /dev/sdc1.  Check your device.map.
grub-probe: error: cannot find a GRUB drive for /dev/sdc1.  Check your device.map.
Found Windows Boot Manager on /dev/sdg1@/EFI/Microsoft/Boot/bootmgfw.efi
Found memtest86+ image: /boot/memtest86+/memtest.bin
done

grub-probe: error: cannot find a GRUB drive for /dev/sdc1. Check your device.map.

sdc1 is the livecd USB so it should be fine to have the error.

Rebooting to check the results.

I still get the same error message from the picture above:

mount: /openswap_keymount: no filesystem type specified.
Failed to open key file.
umount: can't unmount openswap_keymount: Invalid argument
ERROR: resume: no device specified for hibernation
mount: /new_root: can't find UUID=ee80d713-9c90-4a29-94ca-64f1766ac102.
sh: can't access tty; job control turned off
[rootfs ]#

I don't get it, do you run update-grub while on a Live USB session? You need to chroot the encrypted system first, then run update-grub from within chroot.

I booted the live usb session, ran the steps in How to chroot into an encrypted root partition to chroot into the encrypted system, and then ran "sudo update-grub" as the last step before rebooting.

Ok, then do it again, but run grub-install with correct target and then update-grub. In a chroot you are su, no need for a sudo command.

So you did not do 'update-grub' from the installed OS but chrooted to it? No wonder.
You had successfully booted into it using TEST F before. Can't you do it again?
And then do 'update-grub'?

Now, I need to get the 'raw' UUID of your root partition. In TEST F, it is $pqr.
So can you when doing TEST F to go into the installed OS, find that out for me and copy that out for us? That will be at steps here during TEST F.

grub> cryptomount hd4,gpt2
grub> set root=(crypto0)
grub> probe -u $root --set=pqr
grub> echo $pqr

Now, here's the entry I made for you to be put into your custom.cfg to boot.
You grub.cfg generated at chroot is wrong.

root=UUID=ee80d713-9c90-4a29-94ca-64f1766ac102 rw cryptdevice=/dev/sdg1:lvm loglevel=3 quiet

The UUID is wrong (should be the $pqr) and /dev/sdg1 is wrong.

Here's a menuentry i made pending confirmation of $pqr


menuentry 'Manjaro - 1  Linux' --class manjaro  {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod cryptodisk
        insmod luks
        insmod gcry_rijndael
        insmod gcry_rijndael
        insmod gcry_sha256
        insmod ext2
        cryptomount -u 17a2a4d750ad464aa5acb296631a8dae
        set root='cryptouuid/17a2a4d750ad464aa5acb296631a8dae'
        probe -u $root --set=pqr
        set abc=17a2a4d7-50ad-464a-a5ac-b296631a8dae
        linux   /boot/vmlinuz-4.19-x86_64 root=UUID=$pqr rw cryptdevice=UUID=$abc:luks-$abc root=/dev/mapper/luks-$abc
        initrd  /boot/amd-ucode.img /boot/initramfs-4.19-x86_64.img
}        
     

But you can try it.

To put into custom.cfg,
Make that custom.cfg
sudo touch /boot/grub/custom.cfg
Open up that file and put in the above entry. Save file. That's it. No need to 'update-grub'
When you reboot, the entry will be there, at the bottom.

Reminder - I need $pqr. it is not
ee80d713-9c90-4a29-94ca-64f1766ac102

@manjarouser2364
This post is to @eugen-b. Don't worry about it.
@eugen-b
You have encryption and btrfs, last I remembered, you manually corrected for your grub.cfg as the generated grub.cfg is not done well. Are you on the default grub 2.04-6 ? If yes, can you try to do 'update-grub' and see if that works? Of course, back up your working grub.cfg.

Then try vanilla-grub and see if that works without needing correction. Let us know. Thanks.

ps: I suspect this OP on grub 2.04-6 may have problems. Others not on encryption or btrfs have reported issues as well.

It was a test install, I think I don't have it anymore.
When I make a test install again (I hope soon) I will try to do it as you requested.

1 Like

Thanks. You're a chum.

I'm currently on my actual Manjaro desktop.

grub> echo $pqr
ee80d713-9c90-4a29-94ca-64f1766ac102

20190918_074348

Then try my entry above.
Put it in custom.cfg. To test it out.
OH.. confirm that the test F from grub prompt works again (this time)
I think so. Just need your confirmation (to make me feel better)

A new option does show up at the bottom of the grub menu
20190918_083334
and running it does boot my main Manjaro desktop.

You still want me to do Test F?

Now boot this entry Manjaro -1

Let us know if this works.
I'm preparing another entry 'Manjaro -2 that will work, but I'll also explain why I don't like it.

Here it is...

$abc= raw
$pqr= decrypted

menuentry 'Manjaro - 2   Linux' --class manjaro  {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod cryptodisk
        insmod luks
        insmod gcry_rijndael
        insmod gcry_rijndael
        insmod gcry_sha256
        insmod ext2
        cryptomount hd4,gpt2
        set root=(crypto0)
        set pqr=ee80d713-9c90-4a29-94ca-64f1766ac102
        set abc=17a2a4d7-50ad-464a-a5ac-b296631a8dae
        linux   /boot/vmlinuz-4.19-x86_64 root=UUID=$pqr rw cryptdevice=UUID=$abc:luks-$abc root=/dev/mapper/luks-$abc
        initrd  /boot/amd-ucode.img /boot/initramfs-4.19-x86_64.img
}        
        

Open up the same custom.cfg and add to it You can have as many entries in custom.cfg.

On why I don't like it...
WE have to use..

cryptomount hd4,gpt2

That may change.. with bios. It may become hd3,gpt2, hd2,gpt2 or hd1,gpt2 or go back to hd4,gpt2
And that is not consistent. It the entry don't work, you have to try with one of these .
But you can edit it manually at grub (press 'e') and try to boot.

I was hoping "cryptomount -u 17a2a4d7-50ad-464a-a5ac-b296631a8dae" will work so we don't have to change each time.

So we just have to have Manjaro -3 and hope it works then.

menuentry 'Manjaro - 3   Linux' --class manjaro  {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod cryptodisk
        insmod luks
        insmod gcry_rijndael
        insmod gcry_rijndael
        insmod gcry_sha256
        insmod ext2
        cryptomount -u 17a2a4d7-50ad-464a-a5ac-b296631a8dae
        set root=(crypto0)
        set pqr=ee80d713-9c90-4a29-94ca-64f1766ac102
        set abc=17a2a4d7-50ad-464a-a5ac-b296631a8dae
        linux   /boot/vmlinuz-4.19-x86_64 root=UUID=$pqr rw cryptdevice=UUID=$abc:luks-$abc root=/dev/mapper/luks-$abc
        initrd  /boot/amd-ucode.img /boot/initramfs-4.19-x86_64.img
}        
        
3 Likes

All 3 Manjaro options boot to the desktop.

Manjaro 1 and 2 show pretty much the same thing when starting:
20190918_090725

Manjaro 3 says:

error: no such cryptodisk found.
Press any key to continue...

but it eventually starts without having to press any key.
20190918_090405

Okay. At this point, I'll be happy to take it.
All 3?
Yay!!! Yahoo!!!

Cheers, take care.
ps: I think the 3rd is best.

1 Like

I'm guessing the top option "Manjaro Linux" is trash now and there's no way to make it work?
Is it OK to remove Manjaro 1 and 2 or should I keep them for future troubleshooting?

I'll edit /etc/default/grub and change

GRUB_DEFAULT=0

so that it picks Manjaro 3 as the default boot option.

From what I see, it doesn't help.
There is another grub 'grub-vanilla' which I think is much better. But as to your case, I cannot be certain it will improve. In fact, I really don't know. I'd prefer someone else, like @eugen-b or @AgentS do try out first. But the latter and I don't see a need for encryption and I particularly will not do something I don't find meaningful, not that I think others shouldn't do what they want.

No. This has totally no effect. That's the beauty of custom.cfg. Nothing will destroy it. You can bring it up to the top by going to your grub.cfg and manually moving the 41_custom stanza to the top. But remember when there's an update-grub, that will revert to the bottom. And you will find severe warnings when you try to modify grub.cfg. In kde, it is almost impossible without the super super root command.

I'm thankful that you helped me on something that you don't even use, hopefully eugen-b will eventually look for a solution.

I moved the 41_custom stanza to the top but it would default to Manjaro 1, so I deleted both Manjaro 1 and 2.
I tried to increase the timeout in /etc/default/grub but it still stays at 5 seconds.

Should I make a a grub-rescue cd/usb or is not not going to work in my case?

Since it is the custom.cfg containing the working entry, there is no point in making this grub-rescue cd anymore. Just suggest you copy the working grub entry somewhere (not in the system) and should you have problems, from any grub (like the install media grub) use each line to input at the grub prompt. Of course, you have to remember the encryption password.

Did you do 'update-grub' after that? Your custom entries will remain.

And you're welcome. I've enjoyed helping out too.
Cheers.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by