I recently installed Jessie on a laptop (w/UEFI) and discovered the poor user needed to type the passphrase twice while booting.
So I found a website that suggests modifying initrd.img-* by inserting a second passphrase into initrd.img-*...and using another luks slot. The passphrase is in the init image.
Now when it wakes up it instantly asks for a passphrase. Then it doesn't ask a second time because it already has the new binary passphrase already loaded into initramfs.
So my question is: does the first password unencrypt the boot image somehow, or does the initramfs image contain the unencoded alternate password (in cleartext) I included, ready for hacking?
I thought I'd get an outside opinion. I'm not done reading the author's technical tutorials yet.