I have a new Asus UX305CA notebook. It’s using a UEFI BIOS. I formatted the hard disk of the notebook.
I tried using the encrypted LVM setup for partitioning. I created an /boot/efi partition with fat32. Do I also need a separate /boot partition?
Because when I try to boot my computer afterward I only get the grub-rescue prompt.
I tried a new installation without encryption. Then it works when I only have /boot/efi.
I guess the kernel will be installed in the root partition?
Has anybody encountered the same problem?
Thanks in advance for useful ideas.
Can you post the content of “/boot/efi/EFI/opensuse/grub.cfg”?
For me, that gives:
set btrfs_relative_path="yes"
cryptomount -u 6418eff91796412a9b0c9d2db5430640
search --fs-uuid --set=root 101d764c-9c76-4153-87c6-6c5de2df6987
set prefix=(${root})/boot/grub2
configfile $prefix/grub.cfg
That long string of gibberish following “cryptomount -u” is actually the UUID of the LVM partition (in my case, “/dev/sdb5”), except with the “-” character stripped out. What you are reporting suggests that grub is not finding that UUID.
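The check described above, as an added example that is not part of the original post: it pulls the UUID from the stub's `cryptomount -u` line and looks for a LUKS container with the same UUID once the dashes are stripped. The function names are made up for this example, the sample stub and `blkid`-style lines are constructed from the values quoted in this thread, and the `blkid` line format is an assumption.

```shell
#!/bin/sh
# Added example: compare the "cryptomount -u" UUID in the EFI grub.cfg stub
# with the LUKS UUIDs reported by blkid. Sample data below is constructed.

# Print the UUID argument of the first "cryptomount -u" line read from stdin.
stub_uuid() {
    sed -n 's/^[[:space:]]*cryptomount[[:space:]]\{1,\}-u[[:space:]]\{1,\}\([0-9A-Fa-f-]\{1,\}\).*/\1/p' | head -n 1
}

# Normalise a UUID to the form the stub uses: dashes removed, lower case.
normalize_uuid() {
    printf '%s' "$1" | tr -d '-' | tr 'A-F' 'a-f'
}

# Read blkid-style lines on stdin; print the crypto_LUKS device whose UUID
# matches $1 and return 0, or return 1 when no LUKS container matches.
find_luks_device() {
    want=$(normalize_uuid "$1")
    while IFS= read -r line; do
        case $line in
            *'TYPE="crypto_LUKS"'*) ;;
            *) continue ;;
        esac
        uuid=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p')
        if [ "$(normalize_uuid "$uuid")" = "$want" ]; then
            printf '%s\n' "${line%%:*}"
            return 0
        fi
    done
    return 1
}

# Constructed sample input, modelled on the stub and device quoted above.
SAMPLE_STUB='set btrfs_relative_path="yes"
cryptomount -u 6418eff91796412a9b0c9d2db5430640
search --fs-uuid --set=root 101d764c-9c76-4153-87c6-6c5de2df6987'
SAMPLE_BLKID='/dev/sdb1: UUID="ABCD-1234" TYPE="vfat"
/dev/sdb5: UUID="6418eff9-1796-412a-9b0c-9d2db5430640" TYPE="crypto_LUKS"'

uuid=$(printf '%s\n' "$SAMPLE_STUB" | stub_uuid)
if dev=$(printf '%s\n' "$SAMPLE_BLKID" | find_luks_device "$uuid"); then
    echo "stub UUID $uuid matches LUKS container $dev"
else
    echo "stub UUID $uuid matches no LUKS container; GRUB cannot unlock the disk"
fi
```

On an installed system the same functions can be fed the real stub file and the output of `blkid` run as root in place of the two sample variables.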
But I have to let the problem rest for some time as I urgently need the notebook for work right now. And it seems there is much more work to be done than I expected.
I will test it next month and leave it unencrypted for now. I will give some feedback if I know more.
This is on a bare-metal, fresh install of Leap 42.2 and, like the original poster, I elected for an encrypted LVM setup.
I’ve done a similar install of openSUSE several times pre-UEFI, all of which have gone OK and have been upgraded to Leap 42.2 without problems; it’s just this fresh install that’s driving me up the wall.
I didn’t requote most of your post. But the information looks consistent, and is what I would expect given the UUID info that you gave.
Is your BIOS configured to use secure-boot? Or, at least, UEFI boot. If you try a legacy boot, I would expect problems, because you have installed for UEFI secure-boot. And that should also work with UEFI but secure-boot disabled. But it won’t work with legacy MBR booting.
If it is working properly, you should see a short grub prompt asking for the encryption key. After you provide that, you should see the grub2 menu. And after you select a line from the menu (perhaps the default), you would be prompted again for the encryption key.
That’s what I’m getting and it’s having to input the key in twice that’s annoying. I’d like to get rid of having to enter the key at the Welcome to GRUB screen and only have to enter it after I’ve selected the boot option to decrypt the LV partition.
I’m assuming that somehow I’ve added encryption to GRUB itself which was not my intention. As I say I’ve built a few machines using the encrypted LVM option and mostly by using the Expert partition option to get an increased size for /boot and had no problems in the pre-UEFI systems.
Is there a simple way of just removing the encryption from GRUB?
To have that, you need a separate “/boot” partition that is not encrypted.
However, if you are using “btrfs” for the root file system, then with a separate “/boot” partition you will lose the ability to boot from a read-only snapshot.
It is not UEFI that makes the difference. It is having “/boot” on a separate unencrypted partition that makes the difference. If you have available disk space to setup a separate boot partition, you could still make that change. But, as mentioned above, you lose some of the benefits of “btrfs” if you do that.
I’m booting Tumbleweed the same way as you are. I am only finding it a minor inconvenience that I need to enter the encryption key twice.
That explains things. I’ve had a separate, non-encrypted /boot previously as was generated by the automatic configuration. The UEFI configuration didn’t give a separate /boot, just the /boot-efi so I didn’t create one. I’ve given over all the extra disk space to LV so there’s nothing free (easily) to create a new partition so I’ll have to live with the double key entry for the moment.
Thanks for your input on this - I’ve spent a couple of days installing the system repeatedly, trying various options and finally given up and decided to live with it just to have a working machine.
I think that started with openSUSE 13.2. This is due to two changes. Firstly, grub2 started supporting “/boot” as encrypted, with its CRYPTODISK support (“GRUB_ENABLE_CRYPTODISK=y” in “/etc/default/grub”). And, secondly, with the default use of “btrfs”, it became an advantage to not have a separate “/boot”. The reason here is that for booting from snapshots to work, you need the grub setup to be part of the snapshot. And that requires it to be part of the root partition where the snapshots are made.
Sorry for digging out this old thread. But I found out what causes the problem. But I can’t exactly repeat the steps of how I solved it. But I have the same problem again, I guess.
When using the encrypted setup the problem is that the btrfs fs is using those subvolumes. When using LVM they are not created in the right place. It should be somewhere @/boot/efi. I’m not sure how to fix those entries but this causes the problem somehow.
Just wanted to add that the problem also exists in Leap 42.3 and it seems to be a bug. As I can’t point it out that specifically, I cannot open a bug report.