Problem
After changing my LUKS passphrase with cryptsetup luksChangeKey
, the passphrase prompt not only shows before grub, but also pops up again during boot.
Solution
Edit /etc/crypttab
:
1 2
| # <name> <device> <password> <options> 14 luks-3f73e406-400c-4d10-8d29-19133640601c UUID=3f73e406-400c-4d10-8d29-19133640601c /crypto_keyfile.bin luks
|
The 4th column is the key file used to decrypt. In my case, this file is no longer effective.
Create a new key file with random content:
1
| dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=2
|
Add the key file to LUKS
1
| sudo cryptsetup luksAddKey /dev/nvme0n1p6 /crypto_keyfile.bin
|
Re-generate the initram and update grub
1 2 3 4 5 6 7
| sudo update-initramfs
mkinitcpio -P
sudo update-grub
|