Calamares encrypted install: systemd requires LUKS password twice on boot

Hey EOS Forum,

relative newbie here. For my home setup I used to install EOS with separate partitions (unencrypted root, encrypted /home).
Now for my work I wanted to use Calamares to install a fully encrypted system following:

I followed the guide exactly with the exception of selecting Swap (Hibernate) from the drop-down menu.

Now to my problem:
Every time when booting I am now prompted twice to enter my encryption password. The first prompt is for ‘endeavouros’ the second prompt for ‘’.
Is this the desired behaviour and if yes how do I get it to only ask for the password once (like in the above guide)?

This is the output of lsblk that I get.

NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1                                       259:0    0 476,9G  0 disk
├─nvme0n1p1                                   259:1    0  1000M  0 part  /efi
├─nvme0n1p2                                   259:2    0 459,4G  0 part
│ └─luks-f3327b12-f55c-404f-9ba3-a3b1af9ce588 254:1    0 459,4G  0 crypt /
└─nvme0n1p3                                   259:3    0  16,6G  0 part
  └─luks-9eee5a55-64c0-4a62-8270-dc52d789e85c 254:0    0  16,6G  0 crypt [SWAP]

I read the instruction at

here they talk about setting up a keyfile but instructions seem to be specific to GRUB while I’m on systemd-boot.

Thanks in advance for the help.

You shouldn’t embed a keyfile in the initrd when using systemd-boot so you will get asked for your password once for each partition.

There are 3 ways to avoid this:

  • Use grub
  • Use a swapfile instead of a swap partition
  • Use lvm on luks

Awesome, thanks a lot @dalto

Can confirm that switching from a swap partition to a swapfile (and then properly removing the encrypted swap partition) solves my issue.
In my case it would have probably been better to just reinstall and select swapfile from the dropdown menu in Calamares, but it was a nice exercise to do it manually.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.