How can I make LUKS decryption speed up?

I just started using EndeavourOS again (coming from Vanilla Arch) and I notice that LUKS takes a really long time to unlock the system (about 40 seconds) while with Vanilla Arch it takes just 5 seconds. Is there anyway to speed up the unlock time? My computer’s a Thinkpad L390 Yoga with 16GB of ram and the filesystem it uses is BTRFS

If you followed the tutorial on EOS wiki then probably you have everything encrypted with LUKS along with /boot. As far as I know long decryption time in this case is normal as GRUB cannot handle it faster in it’s current state.
Are you sure you had the same setup on vanilla Arch? It sounds like you had /boot unencrypted there (or my knowledge on the topic is no longer up to date).


I used the installer to encrypt the machine, when I was using vanilla Arch, I had it setup where it encrypted with the /boot mounted separately (to a UEFI boot partition) using my own script. From what I could tell it looks like the installer uses key files… Which I don’t use at all

It is exactly what @marknn is saying.

When /boot is encrypted, the luks decryption is done by grub which doesn’t have any access to hardware acceleration. When /boot(or really kernel/initramfs) isn’t encrypted then the decryption will be much faster.

The installer uses both key files and password-based keys. The password is used by grub and the keyfiles are used by the initramsfs so you don’t need to put your password in twice.

You can certainly convert your install to use an unencrypted /boot if that is your preference. If you do that, you should remove the keyfiles from your main luks volume.

That being said, there are some security implications to having a decrypted /boot. Mainly that an attacker can access your initramfs which contains information about your system.


Ah ok! That explains alot, thanks!

So I just made a 200MB partition for /boot and a 150mb partition for /boot/efi, what labels do I put for them in the installer?

/boot should be an ext4 partition without any special flags set. /boot/efi should be a vfat/fat32 partition and have the boot option set in Calamares. If you are using something else to set the flags, ensure it is set as ESP.

That being said, /boot should probably be bigger. I would make it at least 500MB.


Ah, I was going off of RedHat’s partition recommendations for the sizes… though Calameres is warning me that the efi partition isn’t configured correctly (saying it should be 300 mb) despite me having set the flags and mount points for it.

I made the /boot/efi partition a FAT32 partition

What is it saying specifically? It will warn you if you make it smaller than a certain size.

It’s saying the efi partition is too small and that it should be 300mb

That is just a warning. You can ignore it if you like.

1 Like

Alrighty! I got it working, thanks! :smiley:


This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.