Solve Two Passphrase Prompt When Boot From LUKS Mar 7th 2021 Words: 123

Problem

After changing my LUKS passphrase with cryptsetup luksChangeKey, the passphrase prompt not only shows before grub, but also pop up again during boot.

Solution

Edit /etc/crypttab:

1
2
# <name>               <device>                         <password> <options>                                                                                                                        
14 luks-3f73e406-400c-4d10-8d29-19133640601c UUID=3f73e406-400c-4d10-8d29-19133640601c /crypto_keyfile.bin luks

The 4th column is the key file used to decrypt. In my case, this file is no longer effective.

Create a new key file with random content:

1
dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=2

Add the key file to LUKS

1
sudo cryptsetup luksAddKey /dev/nvme0n1p6 /crypto_keyfile.bin

Re-generate the initram and update grub

1
2
3
4
5
6
7
# Ubuntu
sudo update-initramfs

# Arch
mkinitcpio -P

sudo update-grub