update 1: I took the PKGBUILD from Arch (https://gitlab.archlinux.org/archlinux/packaging/packages/grub) and basically applied the argon[1-5] patch set from this AUR pkg. Unfortunately, I experience the same thing. Does anyone here run a LUKS2 +argon2id setup successfully?
Search Criteria
Package Details: grub-improved-luks2-git 2.12.r10.g04d2a50f3-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/grub-improved-luks2-git.git (read-only, click to copy) |
|---|---|
| Package Base: | grub-improved-luks2-git |
| Description: | GNU GRand Unified Bootloader (2) with Argon2 support. Patch made by Patrick Steinhardt |
| Upstream URL: | https://www.gnu.org/software/grub/ |
| Licenses: | GPL3, CC0 |
| Conflicts: | grub |
| Provides: | grub |
| Submitter: | Ax333l |
| Maintainer: | Ax333l |
| Last Packager: | Ax333l |
| Votes: | 29 |
| Popularity: | 1.31 |
| First Submitted: | 2022-01-02 14:06 (UTC) |
| Last Updated: | 2024-03-09 00:19 (UTC) |
Dependencies (18)
- device-mapper (device-mapper-gitAUR)
- freetype2 (freetype2-macosAUR, freetype2-gitAUR, freetype2-qdoledAUR)
- fuse2
- gettext (gettext-gitAUR)
- autogen (make)
- bdf-unifontAUR (make)
- bison (byacc-bisonAUR, bison-gitAUR) (make)
- git (git-gitAUR, git-glAUR) (make)
- help2man (help2man-gitAUR, python-help2manAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- rsync (rsync-gitAUR, rsync-reflink-gitAUR, rsync-reflinkAUR) (make)
- texinfo (texinfo-gitAUR) (make)
- ttf-dejavu (ttf-dejavu-ibAUR, ttf-dejavu-emojilessAUR) (make)
- dosfstools (dosfstools-gitAUR) (optional) – For grub-mkrescue FAT FS and EFI support
- efibootmgr (efibootmgr-gitAUR) (optional) – For grub-install EFI support
- libisoburn (libisoburn-gitAUR) (optional) – Provides xorriso for generating grub rescue iso using grub-mkrescue
- mtools (mtools-svnAUR) (optional) – For grub-mkrescue FAT FS support
- os-prober (os-prober-gitAUR, os-prober-btrfsAUR) (optional) – To detect other OSes when generating grub.cfg in BIOS systems
Required by (313)
- apple_set_os (requires grub) (optional)
- arch-grub2-theme (requires grub)
- arch-matrix-grub-theme-git (requires grub)
- archiso-git (requires grub) (optional)
- archiso-grub-themes (requires grub)
- archuseriso (requires grub)
- ash-git (requires grub) (optional)
- bieaz (requires grub)
- bieaz-git (requires grub)
- boo-grub-git (requires grub)
- booty-git (requires grub)
- cryptboot (requires grub)
- cyberpunk-grub-theme-git (requires grub)
- dedsec-grub2-theme (requires grub)
- distro-grub-themes-arch (requires grub)
- distro-grub-themes-endeavouros (requires grub)
- distro-grub-themes-meta (requires grub)
- dracula-grub-theme-git (requires grub)
- endeavouros-galleon-grub (requires grub)
- graphite-grub-theme-default-1080p (requires grub)
- Show 293 more...
Sources (12)
Mateusz commented on 2023-06-12 17:02 (UTC)
Mateusz commented on 2023-06-11 16:03 (UTC)
Hmmm.. when I ls in the grub recovery shell, I can see the LUKS2 partition showing up as hd0,gpt2. When I try to unlock it manually by running cryptosetup I get the same error.
Ax333l commented on 2023-06-11 16:01 (UTC)
Can either one of you get into the grub shell after the failure? If so, does the encrypted boot partition show up if you run ls? Can you manually unlock it using the cryptomount command?
https://www.gnu.org/software/grub/manual/grub/html_node/cryptomount.html
Mateusz commented on 2023-06-11 14:55 (UTC)
@Ax333l unfortunately, specifying the partUUID instead of UUID of my LUKS2 partition doesn't work either. BTW, I can't use the kernel parameter rd.luks.uuid=LuksUUID because I'm on Artix and I don't use systemd :D
I get the same error as @rodolfoser invalid passphrase error: disk 'cryptouuid/myUUID' not found'
rodolfoser commented on 2023-06-10 19:58 (UTC)
with argon2 encrypted luks2 i get same error as Mateusz error: invalid passphrase error: disk 'cryptouuid/myUUID' not found'
rodolfoser commented on 2023-06-10 19:39 (UTC)
was able to build now. installed package grub-improved-luks2-git-2.06.r554.gc016a969d-1-x86_64.pkg.tar.zst EFI Grub can decrypt my encrypted boot (LUKS2, PBKDF2, sha256), but just doesnt load grub.cfg end so on: Hanging on Slot "0" opened Installed with this commandline: grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUBLUKS2 --modules="luks2 part_gpt part_msdos cryptodisk gcry_serpent gcry_sha512 argon2 pbkdf2 gcry_whirlpool ext2 tpm" --disable-shim-lock
any idea?
duffydack commented on 2023-06-10 18:27 (UTC) (edited on 2023-06-10 18:31 (UTC) by duffydack)
@Mateusz: Just built it and works fine. My grub cmdline:
rd.luks.uuid=LuksUUID rd.luks.key=LuksUUID=/crypt.key
That's on a system with unencrypted /efi (just grubs efi file) and everything else encrypted as part of btrfs root (even /boot). (the only reason I use this pkg)
Ax333l commented on 2023-06-10 18:24 (UTC)
rodolfoser, it works for me with makepkg. I'm not sure why it is failing for you.
Mateusz, does the device with your luks container show up if you type ls in the grub command line? What happens if you use PARTUUID or LABEL?
rodolfoser commented on 2023-06-10 17:59 (UTC)
Ax333l i deleted the whole pikaur cache, same problem. Can you confirm build works with grub r554.gc016a969d-1
Mateusz commented on 2023-06-10 17:48 (UTC)
Hi Ax333l!
I’m using the UUID of my LUKS container.
Pinned Comments
Ax333l commented on 2022-02-17 18:58 (UTC) (edited on 2023-06-16 14:24 (UTC) by Ax333l)
I have disabled translations because they have been the cause of build failures in both this package and
grub-git. If you want to re-enable them, check the PKGBUILD.Also, make sure you have installed
base-devel.Argon2 might not work on some devices due to issues with the memory allocator