Dual-Boot & encrypted /root but non-encrypted /boot/efi: GRUB still asking for password

I am completely new to this. I searched the forum and found some advice that did not work for me.

My Setup:

  • One SSD (NVMe, M.2, 1 TB) with Windows 10
  • Another SSD (not NVMe, SATA, 128 GB) designated for Manjaro (18.0.4 KDE)

What I want:
Encrypt everything on the "Manjaro SSD" (with LUKS), except for the boot partition, so that GRUB does not ask me for a password to enter the boot selection menu, but when I chose to boot Manjaro, it does ask for a password to decrypt root (and everything).

I followed this guide to partition my designated Manjaro disk.
During installation of Manjaro I selected the encrypt option for both the swap and the root partitions (using the same password).
Then I installed Manjaro.

Upon restart, GRUB asks for the password before I can chose what to boot (this is not what I intended) and then it again asks for the (same) password when I chose to boot Manjaro (this is fine/desired).
Side note: Windows boot works fine.

Why I don't want this first password prompt should be obvious. It is quite inconvenient when I just want to pick Windows to boot and frankly unnecessary (as far as I understand) for my encrypted Manjaro, if root is encrypted anyway.

Now, I tried this solution here and commented out GRUB_ENABLE_CRYPTODISK=y from /etc/default/grub, then did sudo update-grub, but to no effect. I still get prompted before I can enter the GRUB bootloader. The only perceived difference is the look of the boot selection menu, which is now less "graphical"...

What am I missing? How can I get rid of this first password prompt?
I apologize if I missed an exisiting solution to this exact problem and am thankful for a reference.

During installation, create and use a separate /boot partition. It's not the same as /boot/efi which should also exist as it is now (fat32 $esp)

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by