LinuxQuestions.org


chrism01 06-26-2023 03:15 AM

Machine requires 2 boots before it asks for LUKS passwd (Rocky 9.2)
 
Hi Guys,

Here's a weird one.

I recently created a new Rocky 9.2 build (bare metal) on my Dell Latitude 5500.
I opted for LUKS for security, but mostly took the default options.

I've discovered that when I first boot it, I just get the DELL sign appearing and it stops there.
However, if I then power down (using the power button) and power on again, it will show the DELL sign, swiftly followed by a prompt for the LUKS passwd, and then it's fine from there.

Here's some info - hope it helps
Code:

lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1                                      259:0    0 238.5G  0 disk 
├─nvme0n1p1                                  259:1    0  600M  0 part  /boot/efi
├─nvme0n1p2                                  259:2    0    1G  0 part  /boot
└─nvme0n1p3                                  259:3    0 236.9G  0 part 
  └─luks-59f29ea5-88db-493a-b1bf-b48c1f0267be 253:0    0 236.9G  0 crypt
    ├─rl_localhost--live-root                253:1    0    70G  0 lvm  /
    ├─rl_localhost--live-swap                253:2    0  7.7G  0 lvm  [SWAP]
    └─rl_localhost--live-home                253:3    0 159.2G  0 lvm  /home

blkid
# just the relevant entry
/dev/mapper/luks-59f29ea5-88db-493a-b1bf-b48c1f0267be: UUID="XBbVpt-Q8ls-h072-oaKS-6sWW-FPzu-YT0zTp" TYPE="LVM2_member"

blkid -t TYPE=crypto_LUKS
/dev/nvme0n1p3: UUID="59f29ea5-88db-493a-b1bf-b48c1f0267be" TYPE="crypto_LUKS" PARTUUID="2cd2c3b7-bc56-4474-978f-bc0ffe6e6c56"

cat /etc/crypttab
luks-59f29ea5-88db-493a-b1bf-b48c1f0267be UUID=59f29ea5-88db-493a-b1bf-b48c1f0267be none discard

Can you tell me how to make it prompt once only on the first boot please?

slac-in-the-box 06-28-2023 04:25 PM

That is a mystery.

Perhaps a rootdelay=8 in the kernel append line would give it 8 more seconds to find all those partitions.

chrism01 06-29-2023 05:15 AM

Oddly, it seems to be related to how long the machine has been powered off+disconnected from mains power.

I only have room for one machine at a time, so when I'm WFH, I take the personal machine off.
If I'm WFO, I usually leave it connected to power.

iirc over the last week, it does seem that if it's been off for a day (like today), then it won't reach the decrypt prompt.
I timed it and waited 2 mins, but nothing. I then powered off and on and I got the disk boot after ~ 14 secs and Decrypt prompt after ~ 24 secs (from boot).

I've added rootdelay=10 to grub's "GRUB_CMDLINE_LINUX=... " and we'll see what happens tomorrow if I disconnect before bed tonight.

syg00 06-29-2023 05:45 AM

Sounds very like one of my old machines. After months I concluded it must have a dry joint(s) somewhere or similar. So I just went with the flow. Power it on, go make a coffee, reset the box. Bingo.

See if things improve once we get out of winter.

chrism01 06-29-2023 05:50 AM

Yeah - it's cold in Syddo, but I'm due for a break in Top End soon - warmth, sunshine & Salties ;)

PS I do seem to be able to force it by powering on twice fairly quickly, but I'll try to post back about the 10 sec delay for anyone else who comes across this.

chrism01 06-30-2023 08:41 PM

For anyone playing along at home, yesterday it seemed the rootdelay thing did the trick, but conversely this morning, I had to revert to a 2nd boot to get the prompt to appear.
It was cold last night, so maybe syg00 is onto something...

At least atm I've generally found that I don't need to wait too long before hitting the 2nd boot, but it is annoying.
I guess I need a reputable(!) HW shop in Sydney to look into it...
Any suggestions?


All times are GMT -5.