Full Disk Encryption No Password Asked

vraimonds · January 3, 2023, 8:20pm

Hello EndeavourOS community,

I just installed EndeavourOS Cassini 22.12 with full disk encryption enabled using the automated partitioning. After the initial reboot, I was asked to enter the passphrase to decrypt the hard drive. I chose systemd-boot as the boot-loader. One day later after turning the laptop on again, it doesn’t ask me to decrypt the hard drive anymore. Instead it just boots normally and reaches the user login screen.

My expectation would be, that the decryption passphrase is asked after every reboot, but is it possible that the there’s some magic happening in the background and the drive gets decrypted after I log in with my user? Although I feel that’s an unlikely scenario…

dalto · January 3, 2023, 8:25pm

That shouldn’t be possible.

Did you make any changes with keys or add the keyfile to the dracut config?

vraimonds · January 3, 2023, 8:28pm

I only changed the wallpaper and updated the mirrors.

dalto · January 3, 2023, 8:31pm

Are you rebooting or just suspending the device?

vraimonds · January 3, 2023, 8:33pm

After the initial reboot I did shutdown now in the terminal. Today, after the log I rebooted the PC normally from the menu, to make sure I was not imagining things… And yet it really didn’t ask me for the decryption key.

vraimonds · January 3, 2023, 8:34pm

Right now I’m installing gparted and other partitioning tools, to see if there’s more info available about the partitions.

dalto · January 3, 2023, 8:35pm

I would like to see sudo cryptsetup luksDump device replacing device with the partition. i.e. /dev/sda2 or whatever it is in your case.

I don’t remember if that contains sensative information or not. If it does, you can PM it to me.

vraimonds · January 3, 2023, 8:41pm

OK. I tried.

Device /dev/nvme0n1 is not a valid LUKS device.

That is my only drive in the laptop. It has 3 partitions:

/efi
/
[SWAP]

For the record, I followed this tutorial except for picking GRUB as the bootloader.

vraimonds · January 3, 2023, 8:46pm

And thanks a lot for your help!

dalto · January 3, 2023, 8:54pm

Can we see the output of sudo lsblk -o name,type,fstype,mountpoint,size

vraimonds · January 3, 2023, 9:00pm

> sudo lsblk -o name,type,fstype,mountpoint,size
nvme0n1               disk                                              953,9G
├─nvme0n1p1           part  vfat        /efi                            1000M
├─nvme0n1p2           part  ext4        /                               884,1G
└─nvme0n1p3           part  swap        [SWAP]                          68,8G

I assume, there should have been a crypto_LUKS partition.

vraimonds · January 3, 2023, 9:12pm

It’s getting quite late at my location, so I will go offline now. Thanks once more for the help thus far. I will check the replies tomorrow in the evening.

Re-installation is of course an option. Only before I do that, I would like to know if I did anything wrong and if there’s anything I should be aware of to prevent this from happening again.

dalto · January 3, 2023, 9:18pm

Yeah, your install isn’t encrypted.

I would say that somehow encryption was either not selected or deselected at some point. When you go through it again, check the summary screen and ensure it is telling you it is going to encrypt.

joekamprad · January 3, 2023, 10:17pm

just updated the wiki entry to fit the latest installer version…

joekamprad · January 3, 2023, 10:19pm

2023-01-03_23-20

Encrypted install would show up like this.

vraimonds · January 4, 2023, 6:08am

The weird thing is, it asked me for encryption key during the instal and after the post-installation reboot.

OK. Thanks for the help. I will try reinstalling it once more according to the updated wiki and will let you know how does that go.

vraimonds · January 4, 2023, 7:12am

Thanks a lot for the assistance. Not sure what the cause for this was. Probably some newbie mistake or missed setting. Re-installing the OS seems to have helped:

> sudo lsblk -o name,type,fstype,mountpoint,size
NAME                                          TYPE  FSTYPE      MOUNTPOINT   SIZE
sda                                           disk                             0B
sdb                                           disk                             0B
nvme0n1                                       disk                         953,9G
├─nvme0n1p1                                   part  vfat        /efi        1000M
├─nvme0n1p2                                   part  crypto_LUKS            884,1G
│ └─luks-2 crypt ext4        /          884,1G
└─nvme0n1p3                                   part  crypto_LUKS             68,8G
  └─luks-5 crypt swap        [SWAP]      68,8G

//edit//
take care not posting UUIDS

system · January 6, 2023, 7:13am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.