Fresh install boots to grub

Hi,
I installed TW to a Thinkpad T470. I chose LVM and LUKS.
On boot I get asked for the LUKS password, then I get the dreaded grub> prompt.

I have disabled secure boot (also tried with it enabled). I have UEFI and legacy boot enabled in BIOS.

When I boot from a live USB and run efibootmgr, the first entry is
Boot0001* opensuse-secureboot

I know this is probably something very obvious, but I’m missing it. What am I doing wrong? Thanks.

Do you have secure boot enabled? Also depending on how you installed it we may need to know what your partition table is.

I have tried with both secureboot enabled and disabled.
I chose the defaults for partitioning (entire disk, lvm, luks, btrfs)
I have /dev/nvme0n1p1 with 512M and /dev/nvme0n1p2 with the rest of the disk.

Don’t think LVM+BTRFS mixes well

As far as I know, that should work. I used it for a while, without issues. But I switched back to “ext4”, so my experience with that is a few years out of date.

I always do the “experts” option and set my partition carefully so I cannot really tell what you did. I am going to guess /dev/nvme0n1p1 is EFI partition mounted on /boot/efi and /dev/nvme0n1p2 as BTRFS /

The fact that you can only boot to grub means that something went wrong when mounting the /boot/efi what do you see before grub prompt?

I am referring to an old post https://forums.opensuse.org/showthread.php/534615-Botched-UEFI-dual-boot-with-W10-only-installs-boots-in-Legacy

Using parted on a live USB can you check if your “pmbr_boot” flag is set for the nvme drive?

I reinstalled without LVM, but this didn’t fix the issue.

Here is my parted output:

(parted) print all                                                         
Model: SanDisk Cruzer Blade (scsi) 
Disk /dev/sda: 7849MB 
Sector size (logical/physical): 512B/512B 
Partition Table: gpt 
Disk Flags:  
 
Number  Start   End     Size    File system  Name       Flags 
 1      32.8kB  2937MB  2937MB               ISO9660    hidden, msftdata 
 2      2937MB  2942MB  5095kB               Appended2  boot, esp 
 3      2942MB  2942MB  307kB                Gap1       hidden, msftdata 
 4      2942MB  7849MB  4907MB  ext4 
 
 
Model: INTEL SSDPEKNW010T9 (nvme) 
Disk /dev/nvme0n1: 1024GB 
Sector size (logical/physical): 512B/512B 
Partition Table: gpt 
Disk Flags:  
 
Number  Start   End     Size    File system  Name  Flags 
 1      1049kB  538MB   537MB   fat32              boot, esp 
 2      538MB   1016GB  1015GB 
 3      1016GB  1024GB  8220MB                     swap

Sorry, missed this question. On boot, I get the Lenovo splash, then

"Welcome to GRUB!

Attempting to decrypt master key…
Enter passphrase for hd1.gpt2 (abunchofascii) :"

I just did a fresh install into a virtual machine. This was Tumbleweed 20201205. Partition 1 is the EFI partition. Partition 2 is LUKS encrypted “btrfs” and partition 3 is swap.

It all went fine.

Yes, on booting, I see a similar screen. So I enter the encryption key. And then, after a few seconds, I get a grub menu.

Hmm, if I mistype the encryption key, I probably finish up with just a “Grub” prompt.

By the way, I do have secure-boot enabled. That isn’t causing any issue.

Is there a possibility that you mistyped the encryption key?

Yes, I didn’t take into account that the first prompt happens before the keyboard is set, so I mistyped the password.

Thanks a lot for your efforts everyone!

I guess this means that /boot is encrypted as well? Maybe I should reinstall and put that on another (unencrypted) partition so I don’t get asked twice for the password?

I was wondering if that might be the problem.

I guess this means that /boot is encrypted as well?

Yes, it is.

Maybe I should reinstall and put that on another (unencrypted) partition so I don’t get asked twice for the password?

I advise against that. If you are using “btrfs” it is better to have “/boot” part of the root partition. That way, if you roll back to an earlier snapshot, the boot menu and kernels will be appropriately rolled back.

Check the wiki entry SDB:Encrypted root file system. There’s a section on how to avoid having to enter the password twice.

Thanks, should have read the FAQ in the beginning… :slight_smile:

Now I have a working install, thank you very much.:good: