LUKS passphrase required twice per boot after changing passphrase

I added a new key to luks via

cryptsetup luksAddKey

and removed old keys via

cryptsetup luksKillSlot

Now, after entering the passphrase on the usual GRUB screen, I get the message

No key available with this passphrase.
Invalid keyfile. Reverting to passphrase.

A password is required to access the luks-b8e…
Enter passphrase for /dev/nvme0n1p2:

After entering the same passphrase as before again, it boots into the os.

The following image sequence shows the process.


The way it is configured by default it is unlocked by grub via the passphrase and then unlocked in the initramfs via a keyfile.

If you:

You probably removed the access to the keyfile as well.

You should re-add the keyfile.

So the luks partition gets unlocked twice? So I need to add a luks slot entry where the “password” is that keyfile, where do I find that keyfile?


That worked, thanks! Can you point me to some endeavouros documentation where I could have figured that out myself. Using search engines didn’t help me.

I believe this setup with /crypto_keyfile.bin is not specific to EndeavourOS or Arch. This mechanism is also being used by other distros.

A good starting point to read is the Arch wiki:

It is the default mechanism used by Calamares.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.