PureOS was installed by choosing “Erase disk” with “encrypt system” option.
After the PureOS was updated (sudo apt update && sudo apt full-upgrade) on boot LVM asks me for my encryption password twice.
There are solution?
2 Likes
UPDATE: commenting out the GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub and then running update-grub seemed to do the trick. It’s still a bit of a mystery to me because that setting was enabled prior to the upgrade.
UPDATE2: I hadn’t noticed that in addition to grub asking for a password I was also asked for the password for each of the root and swap partition. Removing the GRUB_ENABLE_CRYPTODISK=y line prevents grub from asking for the password, but I still need to enter it twice, once for each partition. I even tried doing a clean install with the OEM image but that didn’t even complete properly, after installing and booting the first time and entering my user info and full disk encryption password on the next reboot the boot process stalled waiting for something related to cryptsetup.
bump. I experienced this as well, it would be nice to find a solution. The closest thing I’ve found was https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/, but it looks like that would keep the grub password and bypass the second where I would like the reverse, the same as it was on a fresh install.
Since I just did a fresh install I’m re-doing the erase+install and will look at the boot-related files to see if I can notice any difference between before-and-after a full-upgrade.
I have found some tutorial here: https://unix.stackexchange.com/questions/392284/using-a-single-passphrase-to-unlock-multiple-encrypted-disks-at-boot, see if you might find it useful.
I am not sure what’s the cause of this, can you grab a screenshot of your partition layout (you can just grab a screenshot of GNOME Disks or Gparted).
Additionally, if you feel this is a bug, please go ahead and report it to our tracker.
Thanks @mladen, that worked. I did have to install the keyutils package which provides /bin/keyctl needed to make this work.
I installed PureOS recently on a couple of computers, using the wizard and the default option (without customizing the partitions). There’s a field box for the passphrase used to encrypt the hard disk with LUKS, but now when I boot these computers I have to insert the passphrase twice. It’s like it encrypted the main partition and the swap or something like it. I’m unsure, but I don’t know why it asks the password twice.
How can I avoid that? I want to decrypt my hard disk just once.
Did @mladen’s solution work for you? I am wondering how to avoid typing in my encryption password twice.