Installation with LUKS encryption requires passphrase to be entered twice on boot

ROME, KDE & Gnome

Good afternoon!

I’m observing an issue on Rome where after the installation, it prompts me for the LUKS passphrase prior to loading Grub and then once again afterwards from within Plymouth.

It’s not a hard blocker by any means, just the first time I’ve encountered this on any distro. Is anyone else running into this?

Thanks!

4 Likes

@RedCardinal
welcome1

Welcome!

I don’t use luks, so I can’t help on this one, but we are glad to see you.

I use luks and indeed this is what happens.

This has already been reported and will be tested when possible:

1 Like

I did a search before posting but I guess I missed it. My bad.

It happens sometimes. No worries.

1 Like

Okay,

So the folks at GitHub had a good workaround. I just confirmed it in a VM.

In the live environment before running the installer, edit /etc/calamares/settings.conf and move -fstab down several lines until it’s immediately after - dracutlukscfg as seen here: [settings.conf] Move fstab after luksbootkeyfile · calamares/calamares@232a78b · GitHub

The tradeoff is that you don’t get the graphical LUKS password prompt from Plymouth.

1 Like

To elaborate on my prior, it would seem that it’s prompting me for the LUKS password before Grub loads. I dunno. I may have that wrong. To clairify, I have to enter the LUKS password before I get the Grub menu. I’d like the start procedure to mimic what I’m used to with EndeavourOS after installing and configuring Plymouth although I believe that EndeavourOS uses systemd-boot by default.

I’m going to keep doing some research and if I find a solution, I’ll post it here. I’d actually like to start contributing to a FOSS project instead of just using it.

2 Likes

There are plenty of opportunities to help out around here. :smiley:

Lol.

So, I tested with OM5 and a vanilla install doesn’t have the issue of entering LUKS twice, but it still prompts the user for the password before the Grub menu loads.

Well shit.

https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Avoiding_having_to_enter_the_passphrase_twice

I’m just assuming that it was a security decision to require LUKS prior to Grub instead of in initramfs.

Well, looks like my fix above is as good as it’s going to get.

3 Likes