On Fri, 14 Jun 2024 19:28:31 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-06-14 17:40, Daniel Bauer wrote:
(Sorry for unintended private answer, Andreas)
Am 14.06.24 um 16:53 schrieb Andreas Stieger via openSUSE Users:
On 2024-06-14 16:41, Daniel Bauer wrote:
[LUKS activation in grub] takes a full minute.
See https://bugzilla.opensuse.org/show_bug.cgi?id=1184069
- What is that first passphrase question for?
grub needs to read its config, and kernel and initrd from /boot. And that is on an encrypted device in your case.
- Why does it appear? (I have never seen that and have installed don't know how many PCs and laptops)
- How can I get rid of it?
See the relevant bugs:
https://bugzilla.opensuse.org/show_bug.cgi?id=1206710
https://bugzilla.opensuse.org/show_bug.cgi?id=1212853
https://bugzilla.opensuse.org/show_bug.cgi?id=1205314
Andreas
Thank you Andreas,
I wasn't aware that in the /-tree within the encrypted LVM there will be a /boot directory, as I had a separate, unencrypted /boot/efi partition.
So I installed again, and added an unencrypted /boot partition outside of the LVM.
(To not have to change the LVM from the last install, I just made the /boot/efi partition smaller (0.2 instead of the 0.5 GiB that the installer proposed) and used the freed 0.3 GiB for the new /boot partition. I checked on my desktop and saw that those sizes should be enough.)
Now the laptop starts normally, asks for the passphrase only once, and the further procedure is immediate, without waiting time.
So, your hint has solved my problem, thank you!
I have a fully encrypted Lenovo laptop, just without using LVM, as prepared by YaST. Also running Leap 15.5 currently. It has these partitions:
/boot/efi
/
/home
swap
Each is separately encrypted, except "/boot/efi" (the ESP partition).
On booting, the code in /boot/efi is read and it asks for the passphrase. The grub menu appears, the kernel loads and it asks for the passphrase a second time, this time by the kernel. The first time it is grub code asking.
Grub needs the passphrase in order to be able to load the kernel in RAM. And the kernel needs the passphrase later in order to open the disks.
This is normal.
However, there is a trick so that it asks only once, basically by storing an encryption key file inside the initrd archive. I cannot explain the trick in detail because it is no use to you (you are using LVM) and I'd have to read my notes ;-)
The LVM encryption method is older.
What's the point of this tale for Daniel? AFAICT he now has a working system and all I can understand of your tale is more complication and confusion for him, unless he understands it is irrelevant. Or have I misunderstood?