[SOLVED] GRUB loads encrypted initramfs, but systemd cannot find it

raxod502 · 2025-12-27 23:03:38

I am installing Arch on a System 76 Oryx Pro 6, using GRUB to load an encrypted boot partition formatted as btrfs. I have this partition layout:

# lsblk /dev/nvme0n1
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0  1.8T  0 disk  
├─nvme0n1p1 259:1    0 1022M  0 part  /efi
└─nvme0n1p2 259:2    0  1.6T  0 part  
  └─root    253:0    0  1.6T  0 crypt /swap
                                      /home
                                      /

And these filesystem options:

# mount | head -n4
/dev/mapper/root on / type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=256,subvol=/@root)
/dev/mapper/root on /home type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=257,subvol=/@home)
/dev/mapper/root on /swap type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=258,subvol=/@swap)
/dev/nvme0n1p1 on /efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)

So that GRUB can load the initramfs from the encrypted root partition, I specified this in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"
GRUB_CMDLINE_LINUX="rd.luks.name=25442c41-3222-4322-8c5a-5c7b4903cd82=root"

I use grub-mkconfig from within the chroot, so the root and rootflags options are automatically detected by GRUB and added to /boot/grub/grub.cfg:

        linux   /@root/boot/vmlinuz-linux root=UUID=7a03e2d3-a475-44b2-a52e-0d7647d3db44 rw rootflags=subvol=@root rd.luks.name=25442c41-3222-4322-8c5a-5c7b4903cd82=root loglevel=3 quiet

When I boot the system, GRUB prompts me for my LUKS passphrase. Then the kernel and ramdisk are loaded, and I am brought to the GRUB menu. After selecting a boot entry, systemd starts up in the ramdisk, but it hangs waiting for the root filesystem to become available, with the following logs:

[ TIME ] Timed out waiting for device /dev/disk/by-uuid/25442c41-3222-4322-8c5a-5c7b4903cd82.
[DEPEND] Dependency failed for Cryptography Setup for root.
[DEPEND] Dependency failed for Local Encrypted Volumes.
[ TIME ] Timed out waiting for device /dev/disk/by-uuid/7a03e2d3-a475-44b2-a52e-0d7647d3db44.
[DEPEND] Dependency failed for File System Check on /dev/disk/by-uuid/7a03e2d3-a475-44b2-a52e-0d7647d3db44.
[DEPEND] Dependency failed for /sysroot.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for Mountpoints Configured in the Real Root.
[DEPEND] Dependency failed for Initrd Root Device.

Note that these are the UUIDs of the LUKS block device /dev/nvme0n1p2 and the decrypted root filesystem /dev/mapper/root. I don't understand how these filesystems can be unavailable: GRUB configuration resides in the root filesystem, so it must be available by now. What am I misunderstanding about that?

It's a bit hard for me to troubleshoot more directly at this stage, as the root account is locked in Arch's initramfs, so I cannot access the emergency shell. I've gone through the various wiki pages related to dm-crypt, GRUB, and disk encryption; however, so far I haven't been able to find what configuration I am missing. Of course, the systemd hooks are enabled in /etc/mkinitcpio.conf:

HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)

Is anyone able to point me at what I have done wrong, or what configuration needs to be added in order to get the last stage of the boot to run properly?

In case it's helpful, here are the partition UUIDs, to double-check what I said above:

# blkid
/dev/nvme0n1p1: UUID="A556-FDCC" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="f9c03138-904b-4fa1-9dc9-432bcb603b3f"
/dev/nvme0n1p2: UUID="35143d29-1543-405d-96ba-f3e1457e1d06" TYPE="crypto_LUKS" PARTLABEL="cephandrius" PARTUUID="66f6f9dd-4f33-4421-b099-2dc39de3b2f2"
/dev/mapper/root: UUID="7a03e2d3-a475-44b2-a52e-0d7647d3db44" UUID_SUB="96039843-3801-43dc-9c5f-28d7ed1676a4" BLOCK_SIZE="4096" TYPE="btrfs"

(Original post title: "GRUB loads initramfs from encrypted root, but systemd cannot find same", amended when marked as [SOLVED] to reduce character count.)

Last edited by raxod502 (2025-12-28 04:50:53)

system72 · 2025-12-27 23:15:01

the uuid is supposed to be the uuid of the luks superblock, i am not sure where you got

25442c41-3222-4322-8c5a-5c7b4903cd82

f.e.

35143d29-1543-405d-96ba-f3e1457e1d06

additionally you might have to set the root kernel parameter to /dev/mapper/root, and you have an extra uuid in the generated config, no idea where that came from but your grub config looks truncated

Last edited by system72 (2025-12-27 23:24:17)

raxod502 · 2025-12-28 04:49:40

Wow, you sure are right. Now I'm confused where I got that UUID from. I could swear I copied it using the tmux pasteboard directly from the blkid output, but now that I look at it again, that's obviously nonsense.

Anyway, I fixed that UUID and the system boots perfectly. Thank you! Tagging this thread as [SOLVED].

Arch Linux

#1 2025-12-27 23:03:38

[SOLVED] GRUB loads encrypted initramfs, but systemd cannot find it

#2 2025-12-27 23:15:01

Re: [SOLVED] GRUB loads encrypted initramfs, but systemd cannot find it

#3 2025-12-28 04:49:40

Re: [SOLVED] GRUB loads encrypted initramfs, but systemd cannot find it

Board footer