How can I enable multiple attempts to enter my correct password into GRUB?

I am running an EndeavourOS installation with an encrypted boot partition using LUKS and GRUB. Whenever I enter the wrong password to GRUB I am dumped into GRUB rescue mode. I end up rebooting my machine so that I can have another chance to enter my password. Of course this is not a big problem but instead merely a mild annoyance.

By searching on Google I found that other people had asked essentially the same question:

  1. [LVM on LUKS] How to enable multiple attempts to decrypt master key at GRUB?
  2. Grub2 encryption reprompt
  3. How to boot a system with full disk encryption from GRUB rescue
  4. Decrypt and mount LUKS disk from GRUB rescue mode

Hi,

you can have another chance when you issue

cryptomount (hdx,gpty)

at grub rescue where x and y have to be replace to match your setup. After you enter your passphrase successfully you have to enter

insmod normal

and then

normal

in order to boot to grub.

As far as I know there is no other way when using an encrypted boot.

Regards,

Christoph

1 Like

@csteinforth

Thanks but…

the solution you proposed, which was mentioned in a couple of the links I included in my first posting, is impractical because it is actually easier for me to manually reboot my machine so as to have another chance to enter the correct password than to enter the commands above.

Having only one chance to enter a correct password is, generally speaking, bizarre.

That is simply the way grub works, so it is not an EOS issue. Apart from entering those commands there is no other way on full disk encryption. The other solution is to use an unencrypted boot partition.

Christoph

@csteinforth

Apart from entering those commands there is no other way on full disk encryption.

That assertion is false.

On Ubuntu 16.x and 81.x I had full disk encryption yet was able to reenter my password more than once (I think three times).

The other solution is to use an unencrypted boot partition.

That assertion is also false.

Another solution is to use an unencrypted boot partition.

Another would be to go back to using Ubuntu.

Tiel

Is this before or after grub screen? If before you may ask Ubuntu community how they accomplish this and post the solution here.

You may do so.

BTW: have a look at this one.

This could be an Ubuntu own solution, we are based on Arch and unlike Ubuntu, Arch isn’t funded by a major company behind it. They develop and maintain the scripts they specifically created and leave things like Systemd and Grub up to the development team of those projects.

Canonical has an army of paid developers who each are dedicated to their tasks. The vast majority of Arch developers are volunteers, who are doing this next to their regular jobs.
So, yes there’s a difference between Arch and Ubuntu but it isn’t fair to compare those two, because the infrastructure behind the two aren’t comparable.

3 Likes

Sorry for the necro bump - I just realized it after my comment.

If you are not using any other system - as in dual booting - then you could migrate your system to systemd-boot.

I have such migration in memory - frankly - I don’t know if it will work in your case.