GRUB2 encryptionprblem

marcschulz5 · December 15, 2021, 9:43am

When I boot a system setup, the first thing that I see on the screen is:
Code:
Welcome to GRUB!

Attempting to decrypt master key…
Enter passphrase for hd0,gpt2 ():
I must enter the encryption key and if it is wrong I get a minimal grub shell.
If the password is correct I get the “normal” GRUB screen and after select the boot option I must enter a scent time my password and can final boot openSUSE.

hcvv · December 15, 2021, 9:55am

Hello and welcome to the openSUSE forums.

You described what you do and you described what happens. But it is unclear to me what the problem is. In other words, what do you expect to happen?

marcschulz5 · December 15, 2021, 10:16am

I want to boot in the “default” bootloader from grub so that I can skip the first and only must choose what I boot and enter the password.

hcvv · December 15, 2021, 10:31am

OK, I understand that you do not want to enter a password when loading Grub. You want Grub to start and only after you then choose to boot one of the offered systems, and that particular system is encrypted you want to enter the password for that OS.

Just wait a bit, we have some people here that know a lot about encryption.

marcschulz5 · December 15, 2021, 2:06pm

A little addendum I made a mistake in the openSUSE version I use the openSUSE-Tumbleweed-Snapshot20211212.

hcvv · December 15, 2021, 2:14pm

I changed the prefix of the thread title.

nrickert · December 15, 2021, 2:52pm

You presumably have an encrypted root file system, and “/boot” is part of that encrypted file system.

So grub2 needs the password before it can load the boot menu. There are ways to avoid the second password prompt, but not the first one.

To avoid the first password prompt, you would need a separate unencrypted “/boot”. This is not recommended if you are using “btrfs” for the root file system.

marcschulz5 · December 15, 2021, 4:13pm

Ok thanks, I’m thinking about changing the file system.

nrickert · December 15, 2021, 5:43pm

I am using “ext4” and I do use a separate unencrypted “/boot”.

gogalthorp · December 16, 2021, 2:59pm

Note you only get snapper with BTRFS

Svyatko · December 16, 2021, 5:16pm

User can install package “snapper” without presense of BTRFS.

gogalthorp · December 16, 2021, 7:01pm

Did not think it worked in other file systems. Just because it is installed does not mean it functions. In any case having a separate boot partition cuts you off from snapper at boot so no selecting snapshots from grub.

For TW snapper in my opinion is a requirement since rollbacks can occur fairly often. For leap not so many broken updates so little or no need for rollbacks.

kasi042 · December 16, 2021, 10:58pm

I just wanted to agree, but then “man snapper says this:”

**DESCRIPTION**
       Snapper is a command-line program for filesystem snapshot management. It can create, delete and compare snapshots and undo changes done between snapshots. 

       Snapper never modifies the content of snapshots. Thus snapper creates read-only snapshots if supported by the kernel. Supported filesystems are btrfs **and ext4 **as well as snapshots of LVM logical volumes 
       with thin-provisioning. Some filesystems might not be supported depending on your installation.

I have btrfs, so I can’t confirm or test it.

Svyatko · December 17, 2021, 6:42pm

http://snapper.io/overview.html

Works with btrfs, ext4 (discontinued) and thin-provisioned LVM volumes