USB key not mounting at boot to unlock LUKS system

1 vote
1 answer
3562 views
I am running Debian Jessie. I have 2 hard drives with my various partitions spread across both (not RAID). Both of them are separately LUKS encrypted, and LVMs sit upon both of those. My /boot partition is the only partition not included on the two hard drives; instead, it is located on an unencrypted USB stick. On the /boot partition is myKeyfile.key which should unlock both of the hard drives [but doesn't]. My goal is to have fully inaccessible/useless disks whenever the system boots without the USB stick. Here is what I have done to accomplish this. I used this answer on StackOverflow as a guide.

----------

/etc/default/cryptdisks -

```sh
# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
# mountpoints which are configured in /etc/fstab/ as arguments. Separate
# mountpoints by space.
# original: CRYPTDISKS_MOUNT=""
CRYPTDISKS_MOUNT=/boot
```

According to the comment, I just have to make sure I have the proper mountpoint name as described in fstab. For completeness, here is the relevant line:

/etc/fstab -

```
# UUID= /boot ext4 defaults 0 2
```

----------

/etc/crypttab -

```
sda1_crypt UUID= /boot/myKeyfile.key luks,keyscript=/bin/passphrase-from-usb
sda2_crypt UUID= /boot/myKeyfile.key luks,keyscript=/bin/passphrase-from-usb
```

I could specify the UUID of the USB drive (instead of /boot/myKeyfile.key), but then I'm not sure how I would specify that myKeyfile.key is the file I'm interested in.

/etc/initramfs-tools/hooks/passphrase-from-usb -

```sh
#!/bin/sh
PREREQ=""
prereqs() {
    echo "$PREREQ"
}
case "$1" in
    prereqs)
        prereqs
        exit 0
        ;;
esac
. "${CONFDIR}/initramfs.conf"
. /usr/share/initramfs-tools/hook-functions
copy_exec /bin/passphrase-from-usb /bin
```

/bin/passphrase-from-usb -

```sh
#!/bin/sh
set -e
if ! [ -e "$CRYPTTAB_KEY" ]; then
    echo "Waiting for USB stick to be recognized..." >&2
    sleep 5
fi
if [ -e "$CRYPTTAB_KEY" ]; then
    echo "Unlocking the disk $CRYPTTAB_SOURCE ($CRYPTTAB_NAME) from USB key" >&2
    echo "Using $CRYPTTAB_KEY as the key source" >&2
    dd if="$CRYPTTAB_KEY" bs=1 count=256 2>/dev/null
    exit
else
    echo "Can't find $CRYPTTAB_KEY; USB stick not present." >&2
fi
/lib/cryptsetup/askpass "Manually unlock the disk ($CRYPTTAB_NAME)\nEnter passphrase: "
```

----------

This is what I am greeted with upon booting:

```
Loading, please wait...
Volume group "vg-root" not found
Skipping volume group vg-root
Unable to find LVM volume vg-root/lv-root
Volume group "vg-other" not found
Skipping volume group vg-other
Unable to find LVM volume vg-other/lv-swap
Waiting for USB stick to be recognized...
[ 3.159979] sd 7:0:0:0: [sdd] No Caching mode page found
[ 3.160152] sd 7:0:0:0: [sdd] Assuming drive cache: write through
Can't find /boot/myKeyfile.key; USB stick not present.
Manually unlock the disk (sda1_crypt)
Enter passphrase:
```

After I enter the passphrase, the same exchange happens for the second disk, sdb1_crypt.

----------

I'm doing something wrong, but I'm not sure what. Since CRYPTDISKS_MOUNT "specifies the mountpoints that are mounted before cryptdisks is invoked", I thought adding /boot to it would make /boot available before the unlocking procedure began. However, it does not appear to be mounted when /bin/passphrase-from-usb runs. I am sure that myKeyfile.key is added as a LUKS key to both drives, and I have updated the initramfs via update-initramfs -u.
Asked by natedogg (11 rep)
Oct 18, 2015, 09:49 PM
Last activity: Jul 12, 2025, 11:02 PM
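As an added example (not the asker's script and not from the linked answer), here is a replacement /bin/passphrase-from-usb that mounts the USB stick itself inside the initramfs, where /etc/default/cryptdisks (CRYPTDISKS_MOUNT) and /etc/fstab have no effect because they are only read by the cryptdisks init script after the root filesystem is up. It assumes a placeholder filesystem UUID for the stick (KEY_FS_UUID), the keyfile name on it, that udev in the initramfs creates /dev/disk/by-uuid links (as the stock Debian initramfs does), and that the hook from the question copies this script in.

```sh
#!/bin/sh
# Added example, not the asker's script: an initramfs keyscript that mounts
# the USB stick itself. /etc/default/cryptdisks (CRYPTDISKS_MOUNT) and
# /etc/fstab only matter to the cryptdisks init script after the root
# filesystem is up; nothing has mounted /boot when this runs.
set -e

# Assumed placeholders: the USB stick's filesystem UUID as printed by blkid,
# and the keyfile name on it.
KEY_FS_UUID="${KEY_FS_UUID:-REPLACE-WITH-USB-FS-UUID}"
KEY_FILE="${KEY_FILE:-myKeyfile.key}"
MNT=/tmp/usbkey

# Wait up to $1 seconds for udev in the initramfs to create the by-uuid link
# (assumed present, as in the stock Debian initramfs); print the device path.
wait_for_device() {
    dev="/dev/disk/by-uuid/$KEY_FS_UUID"
    i=0
    while [ ! -e "$dev" ] && [ "$i" -lt "$1" ]; do
        sleep 1
        i=$((i + 1))
    done
    [ -e "$dev" ] && echo "$dev"
}

# Write the whole keyfile to stdout; cryptsetup reads the keyscript's stdout
# as the key, so diagnostics must go to stderr only.
emit_key() {
    [ -r "$1" ] || return 1
    cat "$1"
}

main() {
    if dev=$(wait_for_device 10) && mkdir -p "$MNT" && mount -o ro "$dev" "$MNT"; then
        if emit_key "$MNT/$KEY_FILE"; then
            umount "$MNT"
            exit 0
        fi
        umount "$MNT"
        echo "$KEY_FILE not found on USB stick $KEY_FS_UUID" >&2
    else
        echo "USB stick $KEY_FS_UUID not found or not mountable" >&2
    fi
    # Fall back to a typed passphrase for this entry, as the question's script does.
    /lib/cryptsetup/askpass "Manually unlock the disk ($CRYPTTAB_NAME)\nEnter passphrase: "
}

# cryptsetup sets CRYPTTAB_NAME when it invokes the keyscript; otherwise only define.
[ -z "${CRYPTTAB_NAME:-}" ] || main
```

Run update-initramfs -u after replacing the script so the copy inside the initramfs is refreshed.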