Arch Linux

wizardkeys

Member

Registered: 2026-03-29

Posts: 1

GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

Hi, I'm installing Arch Linux with LVM on LUKS on a Lenovo Legion 5 (dual booting with Windows 11). GRUB loads and shows the menu, but when I select Arch Linux it goes black and never asks for a LUKS decryption password, falling straight into emergency mode.

System:
- Lenovo Legion 5
- NVMe SSD, dual booting with Windows 11
- Systemd 260.1, cryptsetup 2.8.4, mkinitcpio latest

Partition layout:

nvme0n1p1  vfat    SYSTEM_DRV   → shared Windows/Arch EFI at /boot/efi
nvme0n1p5  vfat    A33D-0E39    → /boot (unencrypted)
nvme0n1p6  crypto_LUKS          → LUKS2 encrypted container
  └─cryptlvm  LVM2 member
      ├─vg0-lv_swap   16G
      ├─vg0-lv_root   40G  → /
      └─vg0-lv_home   55G  → /home

/etc/default/grub:

GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet rd.luks.name=<UUID>=cryptlvm root=/dev/vg0/lv_root"
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

mkinitcpio HOOKS:

HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt lvm2 filesystems fsck)

Boot errors:

Timed out waiting for device /dev/f7352a-c8ec-412d-99ad-36f75dcf35b6
Dependency failed for Cryptography Setup for cryptlvm
Dependency failed for Local Encrypted Volumes
Timed out waiting for device /dev/vg0/lv_root
Cannot open access to console, the root account is locked

What I tried:
- Verified LUKS UUID matches blkid exactly
- Reran grub-install and grub-mkconfig multiple times
- Ran grub-install with --modules="cryptodisk luks2 lvm part_gpt"
- Set root password inside chroot
- Enabled NetworkManager
- Verified /boot has grub, initramfs-linux.img and vmlinuz-linux

Note: sd-encrypt was initially missing from /usr/lib/initcpio/hooks/ due to systemd 260.1 and cryptsetup 2.8.4 mismatch. Fixed after reinstalling both packages. mkinitcpio now completes successfully with sd-encrypt.

GRUB never prompts for decryption password at all. Is this a known LUKS2 + GRUB issue or am I missing something?

Last edited by wizardkeys (2026-03-29 00:38:41)

Scimmia

Fellow

Registered: 2012-09-01

Posts: 13,712

Re: GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

First off, GRUB should not be asking for a password, the initramfs and kernel aren't encrypted so it has no reason at all to unlock the LUKS container.

You said you verified the LUKS UUID, but *which* UUID? Don't tell us you did something, show us. You even removed it from the config, don't do that.

Never use 'quiet' in the kernel command line when you're troubleshooting. You want it to show you what's happening.

montenegro

Member

Registered: 2026-04-01

Posts: 10

Re: GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

First off, GRUB should not be asking for a password, the initramfs and kernel aren't encrypted so it has no reason at all to unlock the LUKS container.

Unless you put boot directory in root.

montenegro

Member

Registered: 2026-04-01

Posts: 10

Re: GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

Try simple rd.luks.uuid=$(blkid of root).

Scimmia

Fellow

Registered: 2012-09-01

Posts: 13,712

Re: GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

First off, GRUB should not be asking for a password, the initramfs and kernel aren't encrypted so it has no reason at all to unlock the LUKS container.

Unless you put boot directory in root.

Which is not the case here, so irrelevant.

Try simple rd.luks.uuid=$(blkid of root).

This is wrong, don't do that.

Last edited by Scimmia (2026-04-01 10:33:23)

jonno2002

Member

Registered: 2016-11-21

Posts: 848

Re: GRUB not prompting for LUKS decryption password on boot - LVM on LUKS

most likely using the wrong UUID, you want the uuid of

nvme0n1p6  crypto_LUKS 

if in doubt post output of

lsblk -f

you can remove:

GRUB_ENABLE_CRYPTODISK=y

as your not using an encrypted boot partition

you can also remove

root=/dev/vg0/lv_root

from GRUB_CMDLINE_LINUX_DEFAULT as grub will do this for you.