LUKS fresh installation "no key available with this passphrase" on a Tuxedo InfinityBook Pro 15 AMD

Hello dear community! :wave:

I hope you’re doing great! I’m currently having an issue that I wanted to report, to know if I’m doing something wrong or not.

TL;DR;

Can’t decrypt the LUKS partition (from stage 1 boot) after fresh install, with the correct password (tested through CLI after installation, before restarting). I may suspect some keyboard layout issue.

Steps

Let me break it down in a comprehensible way :

  1. Downloaded this ISO : nixos-gnome-24.11.715908.7105ae395770-x86_64-linux.iso
  2. Burned it on an USB with sudo dd if=<iso-file>.iso of=/dev/sda bs=4M status=progress conv=fsync oflag=direct
  3. Booted and installed NixOS 24.11 on my machine, nothing fancy (through Calamares), using defaults
    • Changed the country to the corresponding keyboard (did this after my third re-installation, who knows?)
    • Changed the keyboard layout to the corresponding one (no fancy layout), and tested it in the little text box below
    • “Erase disk” for the partitioning + “Encrypt disk” (LUKS) with a password (which I tested in the previous text box, to confirm the layout)
  4. Opened “Disks”, locked the newly LUKS formatted partition and unlocked it without issue
  5. Restarted to apply the installation
  6. Entered my password when prompted at the first boot stage
  7. Getting an error : "no key available with this passphrase - failure" (tried several times to be sure of the passphrase I was entering, I’m 100% positive it’s the correct one)
  8. Result : can’t access my newly installed NixOs… :smiling_face_with_tear:

Context

Questions

  1. What could be the issue here?
  2. If it’s a keyboard layout issue, how can I fix it before restarting?
  3. If I want to investigate the configuration generated by Calamares, where should I look? I might be able to enforce a services.xserver.xkb/console.keyMap layout?

Thank you in advance, for taking your time to read me and for your help :pray:
Take care!


PS: BTW I tried the latest ISO nixos-gnome-24.11.716793.a880f49904d6-x86_64-linux.iso but couldn’t get it to start correctly… I had plenty of services that couldn’t start at boot time and then i had something like “Starting getty on tty1” (might be for the autologin?), but it was failing too…

maybe this? Can NixOS Set Keyboard for Grub/LUKS Password? - #9 by JimJ92120

1 Like

Hi @JimJ92120 !

Thanks for your answer! :slight_smile:

May I ask where did you put your config in a freshly installed NixOS system (not yet rebooted)? Did you generate a new config through nixos-generate-config and applied it there?

Because once NixOS is installed through Calamares, where do I find the future system’s configuration? Because I presume I’ll have to apply it there (and then nixos-rebuild switch), right?

Thanks for your help

do you still encounter issuee regarding the passphrase input?

I’m not familiar with Calamares,

If installed on your device via the live USB method (and similar), then nixos should generate the configuration.nix in /etc/nixos

If you build your own image to deploy it e.g in a container or VM, then configuration files for nixos are “embedded” in that image which means:

  • nothing should appear in /etc/nixos on fresh install
  • you can still add a configuration.nixs in /etc/nixos which would build on top of the custom image initial (existing) configuration.nix

Note that if running in a container or a VM, following must be added to your config:

boot.isContainer = true;

This might be fine for a container (depending on how things are done; there are modules in nixpkgs that should be used for docker or lxc guests rather than setting this manually), but it’s definitely bad advice for a VM.

Yes i still do, because if I understand correctly, when installing NixOS from a bootable device, we’re mounting the main disk which will contain our future system (after reboot).

When using Calamares, the mounted partition is here /run/media/nixos/<uuid>/etc/nixos/configuration.nix. So I’ve edited this file to add your snippet (some settings were already set), saved it and then I suppose I need to apply this new conf to the mounted partition.

  • How can I apply my changes from the generated configuration.nix (e.g. from Calamares) ? Because nixos-rebuild switch will use the bootable’s /etc/nixos/configuration.nix, which I don’t want

  • So should it be nixos-install with some custom --root pointing to /run/media/nixos/<uuid>/etc/nixos/configuration.nix?

Cheers!

correct and all config (whatever you configure with Nixos installer) will be added to /etc/nixos/configuration.nix - which you’ll see after the 1st reboot

  1. create your image with whatever “base configuration” you need
  2. build and run your VM / container
  3. log into that VM / container
  4. create a etc/nixos/configuration.nix (in the VM / container but not on the assigned partition / space on your disk)
  5. add whatever “additional configuration” (which will build on top of the image configuration)

OR instead of 3, 4, 5, you can simply create a new VM / container with different config
Not quite sure if there’s a “correct” way here though.

To me, I would just re-create a new VM / container and avoid editing configs within the VM / container then it’s kinda twice the changes to track cause ending up with 1 config for the image + 1 config for the container

That shouldn’t be touched AFAIK, edit from within the VM / container instead


ha good one, edited my post

Thanks for your inputs @JimJ92120 !

Just to be clear on the context, it’s a bare installation on a physical machine to be used as the main OS. So no VM/container involved at this stage.

I’m really just trying to know if NixOS + LUKS will work fine on this new machine, just by booting from the official ISO like any new user wanting to try it. Apparently it doesn’t work (for me), but I’m trying to figure out why :slight_smile:

Let me share with you some tests I did after the installation and still before the first reboot (hence, still on the removable bootable NixOS device’s live system) :

  1. Mounted the future system partition (where NixOS just got installed). Now available at /run/media/nixos/<uuid> (default when using Gnome Disks)
  • Does it have to be mounted to /mnt if ever I need to edit the future system?
  1. cd /run/media/nixos/<uuid> (the mounted partition)
  2. Adding the below snippet to the mounted configuration.nix
services.xserver.xkb = {
  layout = "XX"; # This line was already containing the correct kb layout defined when installing the system
  variant = "";
};
console = {
  earlySetup = true;
  useXkbConfig = true;
};
  1. nixos-install --root /run/media/nixos/<uuid>
  • :warning: Warning --root wants an absolute path btw

But at this stage, I got an unexpected issue : “[…] services.xserver.xkb.layout is already defined somewhere else. […] Please use lib.mkDefault or lib.mkForce. Which got me thinking, that may be the reason why my configured layout isn’t taken in account. Where is this config defined with a higher priority?

Anyway, I’ve used the force lib.mkForce, issue went away, new one coming up : failed to install bootloader. '/boot' is not a mounted partition. Is this path configured correctly?. :upside_down_face:

What am I doing wrong? Found this thread about a similar issue, without any sustainable usable solution so far… @m-clare Have you find the root cause of your issue (sorry for pinging you on this old thread)

Thanks for your help guys! Have a nice day

The Nixos installer should set all correctly, including partitions required, swap and LUKS encryption and shouldn’t need step 1 to 2 afaik.

So configure all with the Installer then while still in the Installer and before the 1st reboot, add to /etc/nixos/configuration.nix:

// sudo -e /mnt/etc/nixos/configuration.nix
console = {
  earlySetup = true;
  useXkbConfig = true;
};

Then the following and reboot afterwards:

cd /mnt
sudo nixos-install

(see: NixOS Installation Guide - NixOS Wiki. - section right above and right below)

That’s already defined when you go through the Installer step.
You should be able to see the current configuration.nix with sudo cat /mnt/etc/nixos/configuration.nix

That’s only when within the Installer / USB so don’t touch that.
After the first reboot, configuration will be located in /etc/nixos/configuration.nix.


If still no success, try without Calamares.

If you got a dual-boot setup, you might have to wipe it first, install Nixos then re-install the other OS or if on another disk, physically remove the other OS’s disk from your computer, install Nixos then re-add your disk.

Thanks!

In /etc/nixos/configuration.nix, I only have one import (and nothing more) and it’s the installation cd (default). Not sure if adding something here will change the boot behaviour, since it’s the live system (in which I won’t boot at restart).

In your snippet you mention /mnt/etc/nixos/configuration.nix, I don’t have that file, probably because I’m using Calamares and not installing NixOS manually, right?

Using Calamares, nothing is mounted under /mnt once the installation is complete… :eyes:

Once again, this is a very basic and default installation, ISO downloaded from nixos.org (checksum verified), laptop is clean, the entire disk is used (no other systems) and I’m just wondering why when typing my LUKS passphrase on stage 1 boot, I get an error while being 100% sure that it’s correct (explained above).

I was expecting a smooth experience as I’m not doing anything fancy with the conf. What am I missing that should be obvious? :thinking:

Sounds like it.
Are you able to install without it? That will quickly confirm.
Prolly partion name being different but I’m not familiar with Calamares so can’t really help on that one haha

That’s cause you need the following:

console = {
  earlySetup = true;
  useXkbConfig = true;
};

Can’t really tell why though but there are some discussions on the forum and Github (see link on my 1st post).


Can try this within the installer? nixos-beginners-handbook/installing-configuration.md at d05179640689de734956e80c4e22e06bbff40c09 · kstenerud/nixos-beginners-handbook · GitHub

1 Like

So I’ve managed to get it working! BUT still wonder why this isn’t default in the public nixos ISOs :eyes:

:memo: Here’s what I did (for documentation purposes) :

  • Installed nixos with LUKS and a QWERTY/AZERTY friendly passphrase
    • :information_source: To make sure I could log in no matter what
  • Configured and applied the above console snippet to make sure my keyboard layout was available at stage 1
    • :warning: Make sure to remove/comment your console.keyMap (or use lib.mkForce) because it’ll enter in conflict with console.useXkbConfig which will use services.xserver.xkb.layout
  • Changed my current - temporary - LUKS passphrase to more complex one, through Gnome Disks (“Change passphrase” on the LUKS partition)
  • Rebooted and tadaa! Complex passphrase accepted using the correct keyboard layout! :tada:

Thanks for your patience and support @JimJ92120 ! I’ll mark this post as the answer (for completeness of the steps for new users), but the answer has been given here :

1 Like