I added a new key to luks via
cryptsetup luksAddKey
and removed old keys via
cryptsetup luksKillSlot
Now, after entering the passphrase on the usual GRUB screen, I get the message
No key available with this passphrase.
Invalid keyfile. Reverting to passphrase.A password is required to access the luks-b8e…
Enter passphrase for /dev/nvme0n1p2:
After entering the same passphrase as before again, it boots into the os.
The following image sequence shows the process.
The way it is configured by default it is unlocked by grub via the passphrase and then unlocked in the initramfs via a keyfile.
If you:
You probably removed the access to the keyfile as well.
You should re-add the keyfile.
So the luks partition gets unlocked twice? So I need to add a luks slot entry where the “password” is that keyfile, where do I find that keyfile?
/crypto_keyfile.bin
That worked, thanks! Can you point me to some endeavouros documentation where I could have figured that out myself. Using search engines didn’t help me.
I believe this setup with /crypto_keyfile.bin is not specific to EndeavourOS or Arch. This mechanism is also being used by other distros.
A good starting point to read is the Arch wiki:
https://wiki.archlinux.org/title/dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs
It is the default mechanism used by Calamares.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.