Dual password unencrypt HD

Hello,

I’ve just installed my first EndeavourOS.
For some reason I am required to unencrypt twice. I believe I’ve figured out my mistake.
Question is, what is the easiest solution?
Swapping to grub? Is that easy?
using LVM?
Swap file instead of partition?

I was hoping I could do this from chroot or systemd? or even in terminal hopes and prays

Many thanks!!!


I think it’s due to having the swap partition. If you use a swap file I don’t think you can encrypt it separately because it’s on the root partition. :thinking:

Hi Ricklinux thanks for the reply.

Ah I see. Unfortunately I require encryption so that would mean that option is out :confused:

What I meant was I’m not sure if you use a swap file whether it would require two passwords because the swap file would be located on the root partition which is already encrypted. At least that’s what I would think. :thinking:

Oh, now I see, my bad.
Is the process arduous to swap to a swap file? :smiley: I mean, I could try it - unless I am required to reinstall etc

It is not hard to remove a swap partition and create a swap file. I’m not sure in the case of a swap partition that is installed with encryption?

Hmmm, I’m guessing that if the encryption got in the way, it would simply be a case of unlocking it with cryptsetup? :thinking:
I’ll take a look into it. In the meantime, if someone chimes in with some more info - that would be great.
I’ll update the thread for search purposes if I figure it out.

hello @remgee
welcome to the purple universe :enos: :enos_flag: :penguin_face: :rocketa_purple: :purple_heart:

you could create an installation like your hardware installation in a virtual environment.
after that you could first solve the problem in the vm before you solve it on the hardware. so you are on the safe side.

I believe this is related to choosing systemd-boot for the bootloader. Because systemd-boot stores the initramfs images on the unencrypted EFI partition, a keyfile should not be stored in the initramfs (source). Without a keyfile, the passphrase needs to be entered more than once if you have more than one luks partition.

In this thread, a couple folks successfully switched from systemd-boot to Grub:

I wouldn’t say it was easy–it took 119 posts to figure it out! But it can be done. Hats off to those guys for sticking with it.

After you are switched over to Grub, you can set up a keyfile as described in the ArchWiki here:

https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Avoiding_having_to_enter_the_passphrase_twice

Depending on how deeply configured your system is by now (since you just installed it), if you want to switch over to the Grub bootloader it might be easier to back up whatever you need to back up and just reinstall.

It’s not too bad actually. First, deactivate the swap space:

sudo swapoff /dev/sdxy

sdxy is the swap partition obviously.

Delete the partition with parted (https://www.thegeekdiary.com/how-to-delete-disk-partition-using-parted-command/), or something else.

Set up the swap file somewhere inside the encrypted partition like so:

https://wiki.archlinux.org/title/Swap#Swap_file

Swap file

As an alternative to creating an entire partition, a swap file offers the ability to vary its size on-the-fly, and is more easily removed altogether. This may be especially desirable if disk space is at a premium (e.g. a modestly-sized SSD).

Swap file creation

Note: For Btrfs, follow the procedure described in Btrfs#Swap file instead of the steps below.

Use dd to create a swap file the size of your choosing. For example, creating an 8 GiB swap file:

# dd if=/dev/zero of=/swapfile bs=1M count=8k status=progress

Note: Using dd to allocate a swap file is the most portable solution, see swapon(8) § Files with holes for details.

Set the right permissions (a world-readable swap file is a huge local vulnerability):

# chmod 0600 /swapfile

After creating the correctly sized file, format it to swap:

# mkswap -U clear /swapfile

Activate the swap file:

# swapon /swapfile

Finally, edit the fstab configuration to add an entry for the swap file:

/etc/fstab
/swapfile none swap defaults 0 0

For additional information, see fstab#Usage.

Note: The swap file must be specified by its location on the file system, not by its UUID or LABEL.

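Added example, not part of any post in this thread: a check to run after moving from a swap partition to a swap file, covering the two points raised above (how many LUKS entries still prompt for a passphrase, and whether the swap file is mode 0600). It assumes the devices unlocked at boot are listed in /etc/crypttab; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage on a real system: audit /etc/crypttab /etc/fstab

# Count crypttab entries that need a typed passphrase at boot.
# Field 3 is the key file; missing, "none" or "-" means an interactive prompt.
count_passphrase_prompts() {
    awk 'NF && $1 !~ /^#/ && (NF < 3 || $3 == "none" || $3 == "-") { n++ }
         END { print n + 0 }' "${1:-/etc/crypttab}"
}

# Print every swap entry in fstab that is a file path
# (not a /dev node, UUID= or LABEL= reference).
list_swap_files() {
    awk 'NF && $1 !~ /^#/ && $3 == "swap" && $1 ~ /^\// && $1 !~ /^\/dev\// { print $1 }' \
        "${1:-/etc/fstab}"
}

# Succeed only if the permission bits are exactly 600.
swapfile_mode_ok() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# audit <crypttab> <fstab>: non-zero exit if more than one passphrase
# prompt remains or any swap file is readable by other users.
audit() (
    rc=0
    prompts=$(count_passphrase_prompts "$1")
    echo "passphrase prompts at boot: $prompts"
    [ "$prompts" -le 1 ] || rc=1
    for f in $(list_swap_files "$2"); do
        if swapfile_mode_ok "$f"; then
            echo "ok: $f is mode 600"
        else
            echo "FIX: chmod 0600 $f"
            rc=1
        fi
    done
    exit "$rc"
)
```

An encrypted swap partition that is still listed in crypttab with `none` as its key shows up here as a second prompt.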

@remgee
I just did an install of EOS Xfce4 using systemd-boot and encryption with erase disc and ext4 with swap file on vmware and it only requires one password as I suspected, because the swap file is located on root.

Edit:

[ricklinux@rick-vmware201 ~]$ lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
sda                                             8:0    0   18G  0 disk  
├─sda1                                          8:1    0 1000M  0 part  /efi
└─sda2                                          8:2    0   17G  0 part  
  └─luks-9e671a8b-b202-4f6f-a41f-48b0937542e3 254:0    0   17G  0 crypt /

ooo that’s a good idea, didn’t think of that!

Hmmm ok, and me being on btrfs is not another variable?

Yeah, you guessed correctly, my system is new and isn’t all set up how I like it yet - I could reinstall :melting_face:
Damn, I did search the Arch wiki, I missed that!

For future search ref: I tried the above suggestions on a Raspberry Pi as a tester, following the Arch wiki linked above, and opting for btrfs, encryption, hibernate, I was able to install without having to unencrypt twice at boot up.

Now to do the same on my desktop. Sunday morning with a cup of tea and some music, ahhhhh :smiley:
