
Grub not trying to unlock LUKS partition

5 votes
1 answer
4545 views
I have Ubuntu 18.04 with full disk encryption with two partitions: an EFI ESP and a LUKS1-encrypted root partition (no separate `/boot`). After installing grub and rebooting, it just shows the normal `grub>` prompt instead of asking for the LUKS password and booting Ubuntu. The kernel unlocks the root filesystem by using the LUKS keyfile in `/etc/luks/boot_os.keyfile`. The grub configuration file in `/boot/efi/EFI/ubuntu/grub.cfg` doesn't include a `cryptomount` command, so it's not even trying to unlock the root partition:

```
search.fs_uuid ee03828b-76bc-4143-a2fb-f86719a90fca root cryptouuid/88251fdb112a4924a9c69892f17322e8
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg
```

If I manually edit this file adding:

```
cryptomount -u 88251fdb112a4924a9c69892f17322e8
```

as the first line, grub asks for the password and the system boots fine. How can I convince `grub-install` to include `cryptomount` in the `grub.cfg` inside the ESP, so that a system upgrade won't break my system?

### Other config files:

**/etc/default/grub**
```
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT=1
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""

GRUB_DISABLE_OS_PROBER=true

GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="luks cryptodisk"
```
**/etc/fstab**
```
#
/dev/mapper/nvme0n1p2_crypt /                         ext4    errors=remount-ro  0       1
/swapfile                                 none            swap    sw                 0       0
UUID=6225-46A9  /boot/efi       vfat    defaults      0       1
```
**/etc/crypttab**
```
#
nvme0n1p2_crypt UUID=88251fdb-112a-4924-a9c6-9892f17322e8 /etc/luks/boot_os.keyfile luks,discard
```
**/etc/cryptsetup-initramfs/conf-hook**
```
KEYFILE_PATTERN=/etc/luks/*.keyfile
```
### Partitions:

**lsblk -e7 -f**
```
NAME                FSTYPE      LABEL     UUID                                 MOUNTPOINT
sda
├─sda1              vfat        SYSTEM    E463-AB68
├─sda2
├─sda3
└─sda4              ntfs        WinRE_DRV B27667B5766778CD
nvme0n1
├─nvme0n1p1         vfat                  6225-46A9                            /boot/efi
└─nvme0n1p2         crypto_LUKS           88251fdb-112a-4924-a9c6-9892f17322e8
  └─nvme0n1p2_crypt ext4                  ee03828b-76bc-4143-a2fb-f86719a90fca /
```
Also, I don't care about dual-boot right now, so I disabled OS prober in /etc/default/grub.
Asked by Hasumashi (51 rep)
Nov 25, 2021, 12:17 PM
Last activity: Jun 26, 2025, 05:05 PM
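
A check for the condition described in the question, added here as an example and not part of the original post: it reports whether a GRUB stub references a `cryptouuid/<id>` device without an earlier `cryptomount -u <id>` line. The function names `check_stub` and `sample_stub` are hypothetical, and the sample input is the stub quoted in the question.

```shell
#!/bin/sh
# check_stub [FILE]: read a GRUB config (file or stdin) and fail if any
# cryptouuid/<id> device is referenced before a "cryptomount -u <id>" line.
# check_stub and sample_stub are hypothetical names for this example.
check_stub() {
    awk '
        # Record every LUKS UUID that has been unlocked so far.
        $1 == "cryptomount" && $2 == "-u" { unlocked[tolower($3)] = 1 }
        {
            for (i = 1; i <= NF; i++)
                if (match($i, /cryptouuid\/[0-9A-Fa-f]+/)) {
                    # Skip the 11 characters of "cryptouuid/" to get the id.
                    id = tolower(substr($i, RSTART + 11, RLENGTH - 11))
                    if (!(id in unlocked)) {
                        printf "line %d: cryptouuid/%s has no earlier cryptomount -u\n", NR, id
                        bad = 1
                    }
                }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Sample input: the ESP stub quoted in the question, optionally preceded by
# the line given as $1.
sample_stub() {
    [ -n "${1:-}" ] && printf '%s\n' "$1"
    cat <<'EOF'
search.fs_uuid ee03828b-76bc-4143-a2fb-f86719a90fca root cryptouuid/88251fdb112a4924a9c69892f17322e8
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg
EOF
}

# Stub as generated: the check fails. Stub after the manual edit: it passes.
if sample_stub | check_stub; then echo "generated stub: ok"; else echo "generated stub: not unlocked"; fi
if sample_stub 'cryptomount -u 88251fdb112a4924a9c69892f17322e8' | check_stub; then
    echo "edited stub: ok"
else
    echo "edited stub: not unlocked"
fi
```

Running `check_stub /boot/efi/EFI/ubuntu/grub.cfg` after `grub-install` or a package upgrade shows whether the stub has lost a manually added `cryptomount` line.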