Parrot OS cryptsetup fails bad passphrase or options

Hello Purism community,

After I tried to relace Qubes with Parrot OS home edition despite proper and previous MBR reformatting and disk wipe on one of my two Samsung 980 Pro 500GB SSDs in my 32GB RAM Librem 14 laptop, I still encounter this ‘cryptsetup fails bad passphrase or options’ when attempting manual partition of LUKS ecryption (flag checked at boot, /, primary) for the rest of the SSD while in try_/_install mode except boot (1152MiB, ext4, /boot, boot flag unchecked, primary); nevertheless without any encryption partition, Parrot OS boots and works perfectly like PureOS and Qubes with encryption enabled.

At least, I have PureOS as my primary OS and Parrot OS uses the same Calamares installer. Phew!

What should I configure in PureBoot/ParrotOS so that this silly error doesn’t occur again? According to Purism, any Linux OS should work on its laptops.

@Kyle_Rankin Since you’re the PureBoot/Linux expert, could you please suggest me any solution for avoiding this cryptsetup error for OSs other than Qubes and PureOS? I’d greatly appreciate your expertise since it’s an honor to me to correspond with you!

Best,
Caligula

Hmm, unfortunately I don’t have experience with ParrotOS but applying general-purpose troubleshooting to this, I’m curious where exactly you see this error. Is it when attempting to install ParrotOS inside the partitioning tool they provide, when you enable encryption? Or is it after you have installed, when you do the first reboot into the ParrotOS installation? Also, are you dual booting with another OS? Are there any other non-standard things about this setup that would be helpful to know about?

Well, this error only occurs after the first reboot into ParrotOS installation after TPM is reset, new TOTP/HOTP keys are generated, and files in /boot are updated.

Yes, I do dual boot with PureOS on a different SSD where I have to switch /boot files in PureBoot options before.

Fortunately, Parrot OS uses the same type of Calamares installer like PureOS. Also, there are try/install, ram, memory test, troubleshoot, live, and so further boot modes after applying USB boot; however, try/install is recommended and worked perfectly without encryption enabled if and only if PureOS partitions are copied exactly via manual partition.

Thanks for your swift reponse ; )!

I would be curious to know whether you see this same error if you only had ParrotOS on the host and did an encrypted install (which I guess in your case would mean removing the drive that contained PureOS temporary).

Unless you enabled an option in PureBoot that we disable by default, that lets you store part of the LUKS key within the TPM, I can’t think of any other way that PureBoot itself would affect LUKS. I can however think of ways that having two different OSes share /boot, but using different kernels and different boot options, might affect it if they both modify the same grub.cfg when updated.

Well, I hope if I try your suggestion, no unpredictable additional issues will occur …

To be honest, where exactly should I find the PureBoot option of storing part of the LUKS key within TPM? I think I am blind for real … lol

Thanks for your concern!

Sorry for the inconvenience; nevertheless since yesterday evening, my mom has been feeling very bad due to a severe cold. I got to take care of her, so it will take a while till I can remove the PureOS drive since I have to purchase the right equipment as well. Well, she is #1 priority before I do anything.

I hope this is quite understandable and I sincerely apologize for wasting your time.

If you don’t know where the option is, then that’s a good sign you didn’t change it, so we can rule that out as a cause.

No apology is necessary, your priorities are in the right order. We’ll all be here when you can move to the next step.

Thank you so much for your understanding! Have a nice day ; )!