GRUB2 encryptionprblem

When I boot a system setup, the first thing that I see on the screen is:
Welcome to GRUB!

Attempting to decrypt master key…
Enter passphrase for hd0,gpt2 ():
I must enter the encryption key and if it is wrong I get a minimal grub shell.
If the password is correct I get the “normal” GRUB screen and after select the boot option I must enter a scent time my password and can final boot openSUSE.

Hello and welcome to the openSUSE forums.

You described what you do and you described what happens. But it is unclear to me what the problem is. In other words, what do you expect to happen?

I want to boot in the “default” bootloader from grub so that I can skip the first and only must choose what I boot and enter the password.

OK, I understand that you do not want to enter a password when loading Grub. You want Grub to start and only after you then choose to boot one of the offered systems, and that particular system is encrypted you want to enter the password for that OS.

Just wait a bit, we have some people here that know a lot about encryption.

A little addendum I made a mistake in the openSUSE version I use the openSUSE-Tumbleweed-Snapshot20211212.

I changed the prefix of the thread title.

You presumably have an encrypted root file system, and “/boot” is part of that encrypted file system.

So grub2 needs the password before it can load the boot menu. There are ways to avoid the second password prompt, but not the first one.

To avoid the first password prompt, you would need a separate unencrypted “/boot”. This is not recommended if you are using “btrfs” for the root file system.

Ok thanks, I’m thinking about changing the file system.

I am using “ext4” and I do use a separate unencrypted “/boot”.

Note you only get snapper with BTRFS

User can install package “snapper” without presense of BTRFS.

Did not think it worked in other file systems. Just because it is installed does not mean it functions. In any case having a separate boot partition cuts you off from snapper at boot so no selecting snapshots from grub.

For TW snapper in my opinion is a requirement since rollbacks can occur fairly often. For leap not so many broken updates so little or no need for rollbacks.

I just wanted to agree, but then “man snapper says this:”

       Snapper is a command-line program for filesystem snapshot management. It can create, delete and compare snapshots and undo changes done between snapshots. 

       Snapper never modifies the content of snapshots. Thus snapper creates read-only snapshots if supported by the kernel. Supported filesystems are btrfs **and ext4 **as well as snapshots of LVM logical volumes 
       with thin-provisioning. Some filesystems might not be supported depending on your installation. 

I have btrfs, so I can’t confirm or test it.

Works with btrfs, ext4 (discontinued) and thin-provisioned LVM volumes