Hi everyone,
I’m using Tumbleweed with KDE Plasma 6 and full disk encryption with systemd-boot instead of Grub.
This worked nicely until the last two kernel updates.
Now, there is no password prompt during boot for disk decryption with 6.8.5-1-default and 6.8.6-1-default.
It still works with the older kernels 6.8.4-rc1-default and previous, which are still available in the boot menu along with the btrfs snapshots (but it is not necessary to boot from am older snapshot).
In general, I much like the systemd-boot approach for the single password prompt. With Grub, I need to enter the password twice. The boot messages are cluttered and messy, though, but I think this will improve over time.
Any help or hint is appreciated.
Thanks
Daniel
I am in no way intimate with this subject, but when it works in an older kernel, it is a regression and worth a bug-report.
Please clarify what you mean by “no password prompt”. If you mean something like systemd-cryptsetup failed to start or “Failed to start Cryptography Setup for cr_root” during boot procedure, please check out this post. I encountered the unbootable bug introduced by dracut-pcr-signature after snapshot 20240412 and it got fixed in snapshot 20240415.
If the problem described in the post is indeed what you are into, I’d suggest:
- Boot into the latest bootable snapshot.
- Update to the latest snapshot.
dracut -f --regenerate-all- Reboot.
Tried this, but no success.
My issue seems to be this:
https://bugzilla.suse.com/show_bug.cgi?id=1222750
The postings say it’s fixed, but maybe I’m still missing an updated package.
This bugzilla item is exactly the one mentioned in the post I put. Please check whether dracut-pcr-signature got updated to version 0.3+1, or you can follow this suggestion first that disables pcr-signature.
@danielmader as indicated by @ramdomPTM it’s in the new snapshot just released, zypper dup and should be fixed…
After performing zypper dup a few hours ago, the issues was not fixed. Verison of dracut-pcr-signature is
# rpm -qa | grep dracut-pcr
dracut-pcr-signature-0.3+1-1.1.noarch
But now, there is an update openSUSE Tumbleweed 20240417-0 → 20240418-0 which updates dracut-pcr-signature to 0.3+5-1.1, so let’s see 
No, this does not fix it either. Seems there is some manual intervention required. According to the post, I need to call dracut -f --regenerate-all to rebuild the initrds (two kernels affected.
Thanks for your help!
Did that fix it? 
No 
No trying to reinstall dracut. Maybe that triggers the correct action(s).
Also no luck. I’ll wait until the next kernel upgrade and hope for the best. Until then, I’ll work with 6.8.4-rc1-1-default.
I solved the same problem by removing “dracut-pcr-signature” and all dependencies (including the kernel packages). Then I reinstalled “dracut-pcr-signature” and “kernel-default”. Next run “dracut -f --regenerate-all” and reboot the system.
Booting kernel 6.8.5 and 6.8.6 is no longer a problem for me.
Latest updates to Tumbleweed 20240419 with kernel 6.8.7-1-default fixed it for me without further messing with the system, i.e. no need to remove anything or fix any config file.
Thanks everyone for this fast problem solving!
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.