I have a fresh install where I asked for full-disk encryption. During boot, I now have to enter my password twice in a row. I have looked at my /etc/crypttab and it seems both my regular system and the seperate SWAP partition are both encrypted via LUKS with the same password and during boot I thus have to enter my encryption-passord twice, 1st to unlock my system, 2nd to unlock the swap-partition.
Is there a way to configure it so that I will only have to enter the encryption password once?
I have already googled but since Endeavor appears to be using dracut instead of mkinitpcio makes it hard to find a proper answer.
Well I did select it I during installation I believe. Since the OS is on an older laptop with not the greatest battery I considered it would most likely be usefull since I can close the lid and leave it as is. But I wouldn’ t condider it a crucial necessity.
Why? Is it easier to just get rid of th swap partition rather then to have a single encryption password to decrypt and mount both my regular system and the swap partition?
In addition (unless I am not getting the full concepts here), if a double encryption entry on boot is a necessary consequency of wanting disk encryption & a swap partition for hibernation, then maybe there should be a little warning regarding that inconvienence if a user chooses both options in the installer?
If you use systemd-boot and a swap partition you will need to enter the encryption password twice because storing a keyfile in the initramfs is not practical. An easy way to avoid having to enter the password twice would be to remove the swap partition and instead use a swap file, which will be located inside the encrypted partition.
This came up recently in another thread if you are interested in reading through it:
Final note might still be to add a small warning in the GUI-installer of Endeavor OS when users select disk-encryption and a swap partition to notify them ahead of the actual install that their choices will lead to a situation where they will be propmpted for their encryption password twice during boot.
I think I will change to a swap-file when time allows me to adjust it as such.