On a Librem 13v4 using a LibremKey to decrypt the root filesystem I upgraded from Amber to Byzantium.
After the upgrade was done I could only decrypt my root fs using the (emergency) passphrase, but not using my LibremKey as before in Amber.
I found the follwoing issues:
→ GRUB_CMDLINE_LINUX_RECOVERY not used by grub-mkconfig
It also patches /etc/grub.d/10_linux to use the content of GRUB_CMDLINE_LINUX_RECOVERY when generating grub.cfg using grub-mkconfig.
But grub-mkconfig does not export the variable GRUB_CMDLINE_LINUX_RECOVERY (anymore?) and the value from /etc/default/grub is not used.
I made a merges request to add the functionality (back) to grub-common.
I also opened an issue for smartcard-key-luks to mention the problem there.
→ LibremKey for rootfs decryption not supported by dracut
In Byzantium the initrd images in /boot/ are generated by dracut (an alternative to update-initramfs). dracut does not put the files necessary for decryption of the rootfs using the LibremKey into the initrd files.
The package initramfs-tools in the Byzantium repo does not contain /usr/sbin/update-initramfs. To me it seems uncomplete and/or broken. Is is installed alongside with dracut which seems not to be possible in debian bullseye.
I installed initramfs-tools and initramfs-tools-core from the debian bullseye repositories. The dracut package has been deinstalled by this automatically. update-initramfs generated a initrd which included the missing files for disk decryption using the LibremKey and disk decryption using the LibremKey does work again like in Amber.
Created an issue for smartcard-key-luks for this problem.