OpenSUSE Tumbleweed, I changed encryption password with Gnome Disks and Grub2 wouldn’t accept any password upon rebooting.
I’m posting this here because while it is not a bug it is a feature that tripped me up and hopefully this will save someone a little anxiety.
Gnome Disks (gnome-disk-utility 46.0, UDisks 2.10.1 (built against 2.10.0))
Grub2 (2.12-22.1)
Problem:
My laptop wouldn’t boot into Tumbleweed because GRUB wouldn’t accept any password after changing the password using the Disks app in Gnome, on a week old install.
Solution: I booted from a OpenSUSE Tumbleweed USB drive using the rescure option and manually added a new key by running this command after logging in as root:
crypsetup luksAddKey --pbkdf pbkdf2 /dev/drivename
After validating that I knew the argon2id created by Disks it created a new pbkdf2 key which is accepted by Grub2.
Causes:
Gnome disks changes the encrypted volume’s key to an argon2id and deleted the existing pbkdf2 key. Grub2 does not work with argon2id keys. I slowly arrived at this solution by being able to mount the drive (and its subvolumes) using:
cryptsetup luksOpen /dev/drivename my_drive
sudo mount /dev/mapper/my_drive /mnt
Then reading fstab from /mnt/etc, Doing so let me know that two days of work wasn’t lost and that a key had been accepted. I then used:
crypsetup luksDump /dev/drivename
And found the argon2id key only. A brief online search for Grub2 and argon2id showed it was generally not supported by Grub2. From there I found a way of adding an alternative key that was accepted. Breaking stuff is an effective but unpleasant way of learning new things.
Replication (not verified):
Install Tumbleweed with an encrypted btrfs main partition (I pretty much stuck to defaults) then change encryption key with Gnome Disks and reboot.