Hi all, when encrypting /boot on Buster after a fresh install of Debian
with encrypted lvm, I need to enter three times a passthrase (two times
foor /boot, one time foor /root)
"...
GRUB loading..
Welcome to GRUB!
Attempting to decrypt master key...
Enter passphrase for hd0,msdos1 (...):
Slot 0 opened
..
GNU GRUB version 2.04-5
The highlighted entry will be executed automatically in 0s.
...
Booting `Debian GNU/Linux'
Volume group "debian-bustervm-vg" not found
Cannot process volume group debian-bustervm-vg
Volume group "debian-bustervm-vg" not found
Cannot process volume group debian-bustervm-vg
Please unlock disk sda5_crypt:
cryptsetup: sda5_crypt: set up successfully
/dev/mapper/debian--buster--try02vm--vg-root: clean, 38666/507904 files,
434177s
Please enter passphrase for disk QEMU_HARDDISK (boot_crypt): ***"
I don't understand why after boot is encrypted the above passthrase
prompt ask me to enter this passthrase for the second time for the boot
partition.
Why is that so and how can I avoid this extra step?
I'm testing here in a qemu VM.
I use (1) to encrypt the boot partition.
1) https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
--
John Doe
