0

During the installation, I have chosen the option to erase the entire drive, formatting it as ext4. I have checked the "Encrypt disk" checkbox, and entered and confirmed a password. The resulting disk layout has an ESP, an unencrypted /boot and an encrypted / using LUKS2.

When the system boots, it will not accept the password I have entered during setup, erroring with cryptsetup failed, bad password or options?. After erroring out like this three times, a message appears, stating "Maximum amount of attempts exceeded". Around 30 seconds later, this message is replaced with "Please unlock disk". After this, the fourth time, the password is accepted.

andOlga
  • 736

1 Answers1

1

It appears that the options that Calamares, the current Kubuntu installer, uses for encrypting the disk do not match the cryptsetup defaults on the actual installed OS, reesulting in this error. It also seems that after erroring out 3 times, cryptsetup tries to actually read the LUKS header on the encrypted disk instead of relying on the incorrect defaults. The fix, to make it read the header immediately, is as follows:

  1. Boot into the system by entering the password four times, as described in the original question.
  2. Execute sudo nano /etc/crypttab in a terminal, to open the file in a text editor.
  3. Locate the (single) line that indicates your encrypted device. It will look as follows (where BAADC0DE is the randomly-generated UUID of your disk):
luks-BAADC0DE UUID=BAADC0DE none
  1. Add the text luks to the end of the line. If the drive is an SSD, use luks,discard instead. This will result in:
luks-BAADC0DE UUID=BAADC0DE none luks
  1. Save the file, by hitting Ctrl-O and agreeing to the prompt.
  2. Run sudo update-initramfs -u.

On the next boot, the system should accept the password immediately from the first prompt.

andOlga
  • 736