Since Debian 13 (Trixie), when using the default FDE which uses GRUB to decrypt the LUKS partition, I have a single attempt.

When the password is mistyped there is a long pause (over 10 seconds) and then the error appears.

I already tried increasing the max tries, which seems to be set to 1 when a keyfile is used.

The config/script seems to be in /usr/share/initramfs-tools/scripts/local-top/cryptroot.

I copied that to /etc/initramfs-tools/scripts/local-top/cryptroot and replaced the value CRYPTTAB_OPTION_tries=1 with 10 using find/replace (ansible stuff).

I think this has no effect though and doing so (might be a different issue) breaks boot entirely 💀

More info:

  • by default when legacy boot (BIOS) is available, Debian will install grub to the MBR. This is where it happens
  • when forcing or prioritizing legacy boot and using GPT, Debian somehow boots from a 300MB EFI partition, the same happens though, one attempt
  • MimicJar@lemmy.world
    18 days ago

    After you updated the config did you update-initramfs or update-grub (I forget which flags might be needed off hand)?

    Since this is happening pre-boot it isn’t reading from /etc.

    • boredsquirrel@slrpnk.netOP
      18 days ago

      Hm, I only ran update-grub

      Ran update-initramfs from the chroot trying to repair it

      Found that there is a cleaner way in /etc/default/grub with grub commandline arguments. But that wants a source= variable which is weird to me as that hardcodes a drive in there that wasn't there first?

      Tbh I will try this on a secondary laptop now, I reinstalled that thing like 5 times now and am a bit traumatized XD

      Luckily we have more than enough
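
An added example, not part of any post in this thread: a small shell check that lists, for each entry of a crypttab-format file, the key file field and any `tries=` option, which is the per-device setting the thread is trying to change. It assumes the four-column layout from crypttab(5) and that `tries=` is the option behind the `CRYPTTAB_OPTION_tries` variable named in the post; the function name and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report key file and tries= for each crypttab entry.
# Assumed field layout (crypttab(5)):
#   <target> <source device> <key file> <options>

crypttab_report() {
    # $1: path to a crypttab-format file (e.g. /etc/crypttab)
    while read -r target source keyfile options _ || [ -n "$target" ]; do
        # Skip blank lines and comments.
        case "$target" in ''|'#'*) continue ;; esac

        tries="unset"
        # Options are comma-separated; split on "," only for this loop.
        old_ifs=$IFS; IFS=,
        for opt in $options; do
            case "$opt" in tries=*) tries=${opt#tries=} ;; esac
        done
        IFS=$old_ifs

        # "none" in the key file field means an interactive passphrase.
        printf '%s keyfile=%s tries=%s\n' \
            "$target" "${keyfile:-none}" "$tries"
    done < "$1"
}

# Constructed sample input, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <target>  <source>                                   <key file>          <options>
sda3_crypt  UUID=00000000-0000-0000-0000-000000000000  none                luks,discard,tries=10
data_crypt  /dev/sdb1                                  /etc/keys/data.key  luks
EOF
crypttab_report "$sample"
rm -f "$sample"
```

An entry that shows a key file other than `none` is the case the original post describes as ending up with a single try. After changing an entry, regenerate the initramfs (`update-initramfs -u`), as the first reply suggests.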