Asahi with Disk Encryption - Issue to boot encrypted Disk

Howdy,

thank you for that wonderful Asahi project!

For the next level of usage, I came to increase and encrypt my Asahi disk. To make this more like just a toy partition. I followed the David Algner tutorial on that and got things sorted [0].

Now I’m stuck with a non-booting partition and I don’t know where to start with. I’ll just share what I have, hoping that someone can make sense out of it.

  • The disk encryption via the LUKS blogpost went well. I can re-iterate on it, seeing that the encrypted disk is actually decryptable and mountable. I can also perform the explained actions on the decrypted disk. I can also see my contents on the decrypted and mounted disk.
  • Regular or USB boot complains about a failing mount some disk UUID, which turns out to be the root UUID in my /etc/fstab. Which likely comes from a missing decryption and therefore is logical.
  • There is never a request to enter a passphrase at any point. The regular boot just stalls on the missing root partition. USB boot overcomes this error of course.
  • Entering the GRUB console and trying to decrypt the disk manually via cryptomount (hd0,gpt6) tells me, I’d have a bad passphrase. Which is not true; I can use that exact same passphrase to decrpt the disk in USB boot via cryptsetup open /dev/nvme0n1p6 fedora-root.

Please let me know if you have any guess, advice, what to follow-up.

Best, Pansen!

[0] Fedora Asahi Remix with LUKS Encryption · David Alger

Ooook.

I entered the chroot via USB boot again.

In /etc/default/grub

  • I added GRUB_ENABLE_CRYPTODISK=true
  • GRUB_CMDLINE_LINUX_DEFAULT was changed from rd.luks.uuid=... to rd.luks.uuid=luks-...

then again:

grub2-mkconfig -o /boot/grub2/grub.cfg
dracut -f

Now I’m asked for a password, even with GUI. Solved :slight_smile: