On boot LVM is asking the same password twice


#1

PureOS was installed by choosing “Erase disk” with “encrypt system” option.
After the PureOS was updated (sudo apt update && sudo apt full-upgrade) on boot LVM asks me for my encryption password twice.
There are solution?


3 steps needed at laptop startup instead of 2 steps before
3 steps needed to start using laptop instead of 2 steps before
Why does PureOS encrypt the hard disk twice when installing it?
#2

UPDATE: commenting out the GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub and then running update-grub seemed to do the trick. It’s still a bit of a mystery to me because that setting was enabled prior to the upgrade.

UPDATE2: I hadn’t noticed that in addition to grub asking for a password I was also asked for the password for each of the root and swap partition. Removing the GRUB_ENABLE_CRYPTODISK=y line prevents grub from asking for the password, but I still need to enter it twice, once for each partition. I even tried doing a clean install with the OEM image but that didn’t even complete properly, after installing and booting the first time and entering my user info and full disk encryption password on the next reboot the boot process stalled waiting for something related to cryptsetup.

bump. I experienced this as well, it would be nice to find a solution. The closest thing I’ve found was https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/, but it looks like that would keep the grub password and bypass the second where I would like the reverse, the same as it was on a fresh install.

Since I just did a fresh install I’m re-doing the erase+install and will look at the boot-related files to see if I can notice any difference between before-and-after a full-upgrade.


#3

I have found some tutorial here: https://unix.stackexchange.com/questions/392284/using-a-single-passphrase-to-unlock-multiple-encrypted-disks-at-boot, see if you might find it useful.

I am not sure what’s the cause of this, can you grab a screenshot of your partition layout (you can just grab a screenshot of GNOME Disks or Gparted).

Additionally, if you feel this is a bug, please go ahead and report it to our tracker.


#4

Thanks @mladen, that worked. I did have to install the keyutils package which provides /bin/keyctl needed to make this work.


#5

I installed PureOS recently on a couple of computers, using the wizard and the default option (without customizing the partitions). There’s a field box for the passphrase used to encrypt the hard disk with LUKS, but now when I boot these computers I have to insert the passphrase twice. It’s like it encrypted the main partition and the swap or something like it. I’m unsure, but I don’t know why it asks the password twice.

How can I avoid that? I want to decrypt my hard disk just once.


#6

After some update, my Librem 13 started to ask the password twice too.
The first one is just a text page asking for password.
The second one is the Purism branded graphical interface asking for the password.

I don’t know witch update caused that. I’ll have to check @mladen’s solution. It’s not a friendly experience for non-technical users.