Cannot mount LUKS partition using typical commands

My BIOS is unfortunately hardwired to reset my settings back to secure boot with RST with Optane every time my battery dies, as well as delete my EFI settings. I have to go back and reset everything, including remounting and reinstalling bootctl etc.

But now that I made an encrypted partition, I do not know what is the modified mount command.

Model: WDC PC SN520 SDAPNUW-512G-1014 (nvme)
Disk /dev/nvme0n1: 512GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name         Flags
 1      2097kB  1051MB  1049MB  fat32                     boot, esp
 2      1051MB  512GB   511GB                endeavouros

[liveuser@eos-2023.03.06 ~]$ sudo su
[root@EndeavourOS liveuser]# mount /dev/nvme0n1p2 /mnt
mount: /mnt: unknown filesystem type 'crypto_LUKS'.
       dmesg(1) may have more information after failed mount system call.

Thanks guys!

Skip to the section called “Encrypted Installs”

1 Like

dalto you are the man! Not sure how I missed system rescue chapter when I went looking for it.

I just want to confirm, it’s ok to have an unencrypted EFI even though the system warns of it, or is there some way to make it not world accessible if it matters?

[root@EndeavourOS /]# bootctl install
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/efi/EFI/BOOT/BOOTX64.EFI".
⚠️ Mount point '/efi' which backs the random seed file is world accessible, which is a security hole! ⚠️
⚠️ Random seed file '/efi/loader/random-seed' is world accessible, which is a security hole! ⚠️

It must be unencrypted for it to work.

That is telling you the permissions are insecure. In a chroot, that is fine but check your /etc/fstab. Our current installs use fmask=0137,dmask=0027

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.