Results 1 to 6 of 6

Thread: Can't Have No Grub Password

  1. #1
    Join Date
    Jun 2014
    Location
    Bonn, Germany
    Posts
    68

    Question Can't Have No Grub Password

    Hi Geekos!

    I just set up a machine with Leap 15 (I wiped the hard drive and Leap is the only OS installed btw). Since then, on boot, I am asked for my grub password. Grub2 will tell me it needs to decrypt the master key for "hd0, gpt" (I think that's what's written).

    I cannot remember to have actively asked for an encrypted boot menu, and since my LVM is encrypted anyway, I find it rather annoying. I have the suspicion, that somewhere in the installation process, something forced this onto my – lucky enough, it took my root password for it .

    Anyway, I'd like to get rid of this … but in /etc/grub.d/40_custom (kindof where I'd expect it), there is no 'password' line; In fact, none of the files in /etc/grub.d/ even contains the string 'password', and /boot/grub2/grub.cfg does neither. Yes, I ran grub2-mkconfig -o /boot/grub2/grub.cfg, and no, in YaST the checkbox is un-ticked … but still, I am prompted for my password every time I boot the PC. What's wrong here?

    Oh, and btw: Yes, I could re-install openSUSE, that wouldn't bother me much – but since I didn't actively opt-in for any grub encryption this time, I just feel it won't be very helpful.

    Any ideas, anybody? Thanks in advance!

  2. #2
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,999

    Default Re: Can't Have No Grub Password

    Is grub on the LVM? if so it must be decrypted to run grub before it can load the OS. If you don't want the grub password install /boot to it's own not encrypted partition

    Show fdisk -l

  3. #3
    Join Date
    Jun 2014
    Location
    Bonn, Germany
    Posts
    68

    Default Re: Can't Have No Grub Password

    Hi, here's my fdisk:
    Code:
    Festplatte /dev/nvme0n1: 477 GiB, 512110190592 Bytes, 1000215216 Sektoren
    Einheiten: Sektoren von 1 * 512 = 512 Bytes
    Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
    E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
    Festplattenbezeichnungstyp: gpt
    Festplattenbezeichner: E01CFDA8-555B-4FDA-860E-13F8A13EA49F
    
    Gerät           Anfang       Ende  Sektoren  Größe Typ
    /dev/nvme0n1p1    2048    1026047   1024000   500M EFI-System
    /dev/nvme0n1p2 1026048 1000215182 999189135 476,5G Linux LVM
    
    
    Festplatte /dev/mapper/cr_nvme0n1p2: 476,5 GiB, 511582739968 Bytes, 999185039 Sektoren
    Einheiten: Sektoren von 1 * 512 = 512 Bytes
    Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
    E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
    
    
    Festplatte /dev/mapper/system-swap: 2 GiB, 2147483648 Bytes, 4194304 Sektoren
    Einheiten: Sektoren von 1 * 512 = 512 Bytes
    Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
    E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
    
    
    Festplatte /dev/mapper/system-root: 96 GiB, 103079215104 Bytes, 201326592 Sektoren
    Einheiten: Sektoren von 1 * 512 = 512 Bytes
    Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
    E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
    
    
    Festplatte /dev/mapper/system-home: 300 GiB, 322122547200 Bytes, 629145600 Sektoren
    Einheiten: Sektoren von 1 * 512 = 512 Bytes
    Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
    E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
    Sorry, it's all in German (I didn't expect that …), but my understanding is, that /boot = /dev/nvme0n1p1 is the unencrypted part, and the rest is the encrypted LVM. Is that correct?

  4. #4
    Join Date
    Jun 2014
    Location
    Bonn, Germany
    Posts
    68

    Default Re: Can't Have No Grub Password

    Here's how it looks from YaST, if that's more helpful (still German, I should really switch my installation language back to English).

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,421
    Blog Entries
    3

    Default Re: Can't Have No Grub Password

    The EFI partition is partition 1. Part of the boot data is there. But part of it is in the encrypted LVM. And that's why you need to give a password during boot.

    You could have a separate unencrypted "/boot", which would avoid this issue. However, I'm guessing that you are using "btrfs" for your root file system. And with "btrfs" the grub data (in "/boot/grub2") needs to be in that root file system, and not a separate partition. That's because if you ever want to rollback to an older snapshot, you have to roll back the boot configuration at the same time.

    So best to just learn to live with this encryption key prompt from grub2.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  6. #6
    Join Date
    Jun 2014
    Location
    Bonn, Germany
    Posts
    68

    Default Re: Can't Have No Grub Password

    Ah, I see … that's also plausible wrt my old installation, where I didn't use LVM, and only had /home encrypted (and wasn't asked to provide by PW during boot). Maybe I'll kick out LVM with my next installation then …

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •