Problem

After changing my LUKS passphrase with cryptsetup luksChangeKey, the passphrase prompt not only shows before grub, but also pops up again during boot.

Solution

Edit /etc/crypttab:

# <name>               <device>                         <password> <options>                                                                                                                        
14 luks-3f73e406-400c-4d10-8d29-19133640601c UUID=3f73e406-400c-4d10-8d29-19133640601c     /crypto_keyfile.bin luks

The 4th column is the key file used to decrypt. In my case, this file is no longer effective.

Create a new key file with random content:

dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=2

Add the key file to LUKS

sudo cryptsetup luksAddKey /dev/nvme0n1p6 /crypto_keyfile.bin

Re-generate the initram and update grub

# Ubuntu
sudo update-initramfs

# Arch
mkinitcpio -P

sudo update-grub

Author: Nobody

License: CC BY-NC-SA 4.0

Link: https://asdasd.page/2021/Solve-Two-Passphrase-Prompt-When-Boot-From-LUKS/