Hello, On Tue, Dec 28, 2021 at 10:00:51PM +0000, Andrew M.A. Cater wrote: > On Wed, Dec 29, 2021 at 08:55:29AM +1100, David wrote: > > I don't know about Grub asking for passwords, because I don't > > encrypt boot partitions. But if the question is about the initrd > > password prompt, then ... > > Encrypting boot partitions would be hard - how would you get to the > point of entering a passphrase ... this is why "encrypted LVM setup" _doesn't_ > encrypt boot in the default settings from the Debian partitioner.
grub2 does support unlocking LUKS so some people do encrypt /boot and have grub2 unlock it, but this isn't yet supported in the Debian installer so it seems unlikely that Polyna-Maude has done this. https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html If Polyna-Maude *has* done this, then the above link does also give some hints as to how to reduce the number of times a passphrase is asked. Otherwise if the use of LUKS is more conventional (unencrypted /boot, initramfs unlocks /) then Polyna-Mause may want to look in to ephemeral passphrase for swap that is set on every boot. Or perhaps just using a swapfile inside / so as to not have an extra block device to encrypt. Possibly more information needed as to what the OP's setup actually is. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting