Hello, I installed EndeavourOS on my DELL XPS 15 laptop, no dual boot, default BTRFS partition layout with swap & hibernate, and encrypted partition.
At boot, after entering the correct partition encryption password, and choosing one of the boot options in GRUB, I see:
Starting version 249.4-1-arch
Failed to open key file.
And then a completely black screen… I don’t know if it’s related, but this happened after I ran nvidia-installer-dkms, without errors. Also, secure boot is disabled.
This is probably fixable by chrooting into my system with the OS bootable key, but I have to know what’s wrong first. I looked on the Endeavour Wiki, Arch Wiki, but couldn’t find any mention of a similar error.
Do you have any idea what is going on? How do I start debugging this issue?
The password you entered is used by grub to access /boot/grub.cfg, and get you to your grub menu. This is working. Good. At least we know you can decrypt and mount your root partition / subvolume.
LUKS keyfiles are used to decrypt from that point on.
Decrypt root, mount root and look in /etc/crypttab.
You should have entries like this …
luks-[UUID] UUID=[UUID] /crypto_keyfile.bin luks
The UUID is the partition UUID of a luks container, /crypto_keyfile.bin is the keyfile used to decrypt on boot.
Make sure the path to this keyfile is correct and accessible. I don’t use btrfs, so not sure if that is causing the issue.
I suspect that message may not be related to your issue. I would revert your graphics driver changes first and then try to determine why you are getting that key error.
Thanks for your reply. I don’t know how to decrypt the root partition however. Can this be done from the Live USB environment? If yes, do you have a resource explaining how to do this? I couldn’t find anything online.
Thanks for your help. I decrypted the root partition of the system I’m trying to fix, and found the following directories at its root:
@ @cache @home @log
… which is weird, as I would expect to find the usual linux directory strucure there (/usr /home ...), but this directory structure is present in /@/. I found the crypttab file in @/etc/crypttab which references the crypto_keyfile.bin file with path /crypto_keyfile.bin, NOT /@/crypto_keyfile.bin (where the file actually is).
So I guess I now need to figure out why my encrypted partition ended up so messed up. Does anybody know what’s going on here?
Thank you, I didn’t know that. Using this mount command, the crypto_keyfile.bin file is present at the root of subvolume @ and the file path in /etc/crypttab is correct. As for the contents of crypto_keyfile.bin, I don’t know how to check if they are correct or not.
I see, any chance the system might be mounting the partition incorrectly as I did, thus prefixing the actual path of the crypto_keyfile.bin file with /@?
Not likely. Since this started when you installed video drivers I would recommend resolving that issue first. The key message you are seeing may have just been the last thing on the screen before the driver problem manifested. It may not even be an issue. If the initramfs can’t use your keyfile to unlock it should just ask you for a passphrase.
It is likely harmless but I am not sure that is normal. I would look at the keys on your luks volume and make sure there isn’t an extra one. There should be only 2.