Disable password prompt for encrypted LUKS partiton after setting up automatic decryption with TPM2

mayday0

1/27/24, 11:23 AM

I have a setup with an unencrypted EFI boot partition and an encrypted LVM volume. Secure boot is enabled and I have installed tpm2-toos and configured automatic decryption for the partition with clevis (following this guide: https://security.stackexchange.com/questions/194081/use-tpm2-0-to-securely-decrypt-the-hard-drive-in-linux-unattended)

It works fine, but on boot grub still asks me to enter the disk password manually. There is a couple seconds delay before the disk gets automatically decrypted and the boot continues normally. Is there a way to disable this password prompt and only show it when necessary (e.g. if automatic decryption fails for some reason)?

Thank you!

(I know this is a bit of a nitpicky and purely cosmetic issue x)

516

0 + 0

encryption

boot

grub2

tpm

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Disable password prompt for encrypted LUKS partiton after setting up automatic decryption with TPM2

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.