Package Details: grub-luks-keyfile 2:2.06-1

Package Base: grub-luks-keyfile
Description: GNU GRand Unified Bootloader (2) with crypto extensions to support for DMCrypt and LUKS volumes with detached headers and key files.
Upstream URL:
Licenses: GPL3
Conflicts: grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu, grub-legacy
Provides: grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu
Replaces: grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu
Submitter: kalbasit
Maintainer: None
Last Packager: mxfm
Votes: 7
Popularity: 0.029018
First Submitted: 2017-12-22 02:31 (UTC)
Last Updated: 2021-06-14 12:15 (UTC)

Required by (227)

Sources (14)

Latest Comments

mxfm commented on 2023-04-06 18:40 (UTC)

I disown this package because I moved to Gentoo and because the plain mode patch was accepted into GRUB.

mxfm commented on 2023-04-06 18:40 (UTC)

@pezz, yes, this GRUB version was not updated. The problem is that GRUB code is changing, which means that these patches must be periodically updated to keep up with the current version.

I maintained these 5+ patches because I was interested in supporting plain mode. Support for this feature was merged into GRUB code recently, so I am not interested in supporting these patches anymore. Also, the support for detached headers and key files was also recently added into GRUB.

Luckily, the patch implementing multiple passphrase attempts is trivial for anyone who can code in the C programming language. I advise you to write a request to support this feature to the GRUB bugzilla or the grub-devel mailing list.

pezz commented on 2023-04-05 04:57 (UTC) (edited on 2023-04-05 05:02 (UTC) by pezz)

Hey there, I was really stoked when I found this as the 1 password try was driving me nuts.

However after installing it, I've found that the patch doesn't seem to work and I get dropped to grub rescue after a password fail.

Also, I ran into a couple of other issues that do not occur in the latest grub that Arch ships. Such as the "efitextmode" module not being available.

It also appears that the Arch version fixes a bug where grub-install cannot recognise an ext4 partition with the "metadata_csum_seed" feature set.

And dashes are also acceptable in the UUID in the Arch version.

Just curious if there were any plans to update this?


mxfm commented on 2022-06-10 10:04 (UTC) (edited on 2022-06-10 10:07 (UTC) by mxfm)

Yes. The state of things with these patches is the following. The 'crypto enhancement' patch series by John Lane adds the following features:

  • key files

  • detached headers

  • multiple passphrase attempts

  • plain dm-crypt support

  • using device as keyfile

  • UUID hyphens

Key files were added recently by Glenn Washburn, who rewrote some of these patches. The detached headers patch series will also be added soon to grub master.

Currently I am working on the third version of plain mode patch, but it will not be accepted as soon as detached headers support (according to my expectation).

Using a device as a keyfile can be added as a fix to the keyfiles patch series of Glenn Washburn, but currently nobody is working on this. I have added support for this feature in plain mode, but it is not currently supported in LUKS mode.

Finally, supporting multiple passphrase attempts and UUID hyphens patches are not included in grub master and nobody is working on supporting them. When I started to support these patches I was interested only in plain mode. If I have spare time, I will rewrite these two minor patches (+ device as a keyfile), but they are not my priorities.

gamezelda commented on 2022-06-09 19:35 (UTC) (edited on 2022-06-09 19:35 (UTC) by gamezelda)

The 2nd patch in the series, the one which enables the key-file, keyfile-offset and keyfile-size parameters, was committed to the official GRUB repository and is included in the latest Arch GRUB package (grub 2:2.06.r261.g2f4430cc0-1).

So you may be able to switch to the official Arch package, as long as you only need the base keyfile support and not any of the extras (LUKS detached header, plain dm-crypt, whole device as keyfile, etc.).

PS: And if you switch to the official Arch package, also make sure to remove hyphens from the UUID in cryptomount (if this applies to you), that part is not in the official GRUB package yet and it will fail to find the disk unless you remove them.
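A pre-switch check for the hyphen caveat in the comment above, as an added example that is not part of the original comment or the package: it lists every `cryptomount ... -u` argument in a GRUB config that is written with hyphens, together with the hyphen-free form. The sample config, its UUIDs and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find `cryptomount -u <uuid>` arguments written with hyphens.

# Constructed sample config (not from the page); UUIDs are made up.
sample_config() {
    cat <<'EOF'
# constructed sample config, not from the page
insmod cryptodisk
cryptomount -u 01234567-89ab-cdef-0123-456789abcdef
cryptomount -u 0123456789abcdef0123456789abcdef
cryptomount -u $uuid
cryptomount -k (hd1,gpt1)/keyfile -u "89abcdef-0123-4567-89ab-cdef01234567"
# cryptomount -u aaaa-bbbb
EOF
}

# Prints "<line>:<uuid as written>:<uuid without hyphens>" for each hit.
# Reads the file given as $1, or stdin when no argument is passed.
# Variable references such as $uuid are skipped: they cannot be judged statically.
find_hyphenated_cryptomount_uuids() {
    awk -v sq="'" '
        /^[[:space:]]*#/ { next }              # ignore comment lines
        {
            for (i = 1; i < NF; i++) {
                if ($i != "cryptomount") continue
                for (j = i + 1; j < NF; j++) {
                    if ($j != "-u") continue   # other options may precede -u
                    uuid = $(j + 1)
                    gsub(/[";]/, "", uuid)     # drop double quotes and ;
                    gsub(sq, "", uuid)         # drop single quotes
                    if (uuid ~ /^\$/) break    # variable reference, skip
                    if (uuid ~ /-/) {
                        fixed = uuid
                        gsub(/-/, "", fixed)
                        printf "%d:%s:%s\n", NR, uuid, fixed
                    }
                    break
                }
                break
            }
        }
    ' "${1:--}"
}

sample_config | find_hyphenated_cryptomount_uuids
```

Run it against the config that is actually embedded in or loaded by the bootloader (for example `find_hyphenated_cryptomount_uuids /boot/grub/grub.cfg`, path assumed) before replacing the package, so a failed unlock does not first show up at boot.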

acerix commented on 2021-05-11 22:07 (UTC)

Thank you for your work on this, the git version does not have the issue so I will use that for now.

mxfm commented on 2021-05-11 16:41 (UTC)

No, it is not expected, because I follow the Arch GRUB package PKGBUILD; also, these patches should not explode the package size.

I will investigate this next weekend.

Can you try the git version of this package?

acerix commented on 2021-05-11 00:31 (UTC)

Is it expected for this package to have a Total Installed Size of 930.45 MiB? When I build it, the .img files are much larger than the base grub package.

# grub
$ ls -l /usr/lib/grub/i386-pc/*.img
-rw-r--r-- 1 root root   512 Feb 21 15:55 /usr/lib/grub/i386-pc/boot_hybrid.img
-rw-r--r-- 1 root root   512 Feb 21 15:55 /usr/lib/grub/i386-pc/boot.img
-rw-r--r-- 1 root root  2048 Feb 21 15:55 /usr/lib/grub/i386-pc/cdboot.img
-rw-r--r-- 1 root root   512 Feb 21 15:55 /usr/lib/grub/i386-pc/diskboot.img
-rw-r--r-- 1 root root 29276 Feb 21 15:55 /usr/lib/grub/i386-pc/kernel.img
-rw-r--r-- 1 root root  1024 Feb 21 15:55 /usr/lib/grub/i386-pc/lnxboot.img
-rw-r--r-- 1 root root  2848 Feb 21 15:55 /usr/lib/grub/i386-pc/lzma_decompress.img
-rw-r--r-- 1 root root  1024 Feb 21 15:55 /usr/lib/grub/i386-pc/pxeboot.img

# grub-luks-keyfile
$ ls -l /usr/lib/grub/i386-pc/*.img
-rw-r--r-- 1 root root 134481116 May 10 19:51 /usr/lib/grub/i386-pc/boot_hybrid.img
-rw-r--r-- 1 root root 134481116 May 10 19:51 /usr/lib/grub/i386-pc/boot.img
-rw-r--r-- 1 root root 134481116 May 10 19:51 /usr/lib/grub/i386-pc/cdboot.img
-rw-r--r-- 1 root root 134480092 May 10 19:51 /usr/lib/grub/i386-pc/diskboot.img
-rw-r--r-- 1 root root     29168 May 10 19:51 /usr/lib/grub/i386-pc/kernel.img
-rw-r--r-- 1 root root 134488284 May 10 19:51 /usr/lib/grub/i386-pc/lnxboot.img
-rw-r--r-- 1 root root 134479612 May 10 19:51 /usr/lib/grub/i386-pc/lzma_decompress.img
-rw-r--r-- 1 root root 134481116 May 10 19:51 /usr/lib/grub/i386-pc/pxeboot.img

mxfm commented on 2020-03-04 10:44 (UTC)

@Martmists can you elaborate on the context of your comment? It seems you refer to some revealed bug/issue, however I do not see any links.

I use these patches in the following way. I don't have a grub menu, I simply type the necessary parameters upon each boot, so I don't know what happens when these patches are used together with the grub menu.

Besides, these patches are developed by John Lane, so you can contact him to file a bug.

Martmists commented on 2020-03-02 08:27 (UTC) (edited on 2020-03-02 08:27 (UTC) by Martmists)

Grub seems to not use the -p and -k parameter BEFORE the grub menu, as they are not in the binary file on the EFI partition. The cause seems to be that in some parts of the patched code, simply cryptomount -u $uuid seems to be used, therefore not unlocking grub at boot.