I have tried with both secureboot enabled and disabled.
I chose the defaults for partitioning (entire disk, lvm, luks, btrfs)
I have /dev/nvme0n1p1 with 512M and /dev/nvme0n1p2 with the rest of the disk.
As far as I know, that should work. I used it for a while, without issues. But I switched back to “ext4”, so my experience with that is a few years out of date.
I always do the “experts” option and set my partition carefully so I cannot really tell what you did. I am going to guess /dev/nvme0n1p1 is EFI partition mounted on /boot/efi and /dev/nvme0n1p2 as BTRFS /
The fact that you can only boot to grub means that something went wrong when mounting the /boot/efi what do you see before grub prompt?
I just did a fresh install into a virtual machine. This was Tumbleweed 20201205. Partition 1 is the EFI partition. Partition 2 is LUKS encrypted “btrfs” and partition 3 is swap.
It all went fine.
Yes, on booting, I see a similar screen. So I enter the encryption key. And then, after a few seconds, I get a grub menu.
Hmm, if I mistype the encryption key, I probably finish up with just a “Grub” prompt.
By the way, I do have secure-boot enabled. That isn’t causing any issue.
Is there a possibility that you mistyped the encryption key?
Yes, I didn’t take into account that the first prompt happens before the keyboard is set, so I mistyped the password.
Thanks a lot for your efforts everyone!
I guess this means that /boot is encrypted as well? Maybe I should reinstall and put that on another (unencrypted) partition so I don’t get asked twice for the password?
I guess this means that /boot is encrypted as well?
Yes, it is.
Maybe I should reinstall and put that on another (unencrypted) partition so I don’t get asked twice for the password?
I advise against that. If you are using “btrfs” it is better to have “/boot” part of the root partition. That way, if you roll back to an earlier snapshot, the boot menu and kernels will be appropriately rolled back.
Check the wiki entry SDB:Encrypted root file system. There’s a section on how to avoid having to enter the password twice.