I set up a new desktop with Slackware - encrypted drive, un-encrypted /boot/efi partition, using grub2 as bootloader. I've found several threads online about dealing with entering the luks password twice, but mostly distros using initramfs and systemd.

Anyone solve this on Slackware?

Entering luks PW once (as with ELILO) would be my desired outcome.

Did you read the README_CRYPT.TXT file ?
What tutorial have you follow?

Thanks for reminding me about that doc. I hadn't consulted it since it doesn't mention Grub, but the initrd section helped solved this issue.

By creating a luks key with the password to my root drive on a USB stick, and inserting to my mkinitrd list, I was able to eliminate the second password request.

If anyone else tries this, I'll note that using the LABEL= did not work for me, but UUID= did (typo maybe, who knows).

It also appears that Grub needs only and no additional modules in GRUB_CMDLINE_LINUX.

My next test will be to see about encrypting the /boot partition (sda1) and storing the key there.

Ah, so one can only use the first partition of the USB stick?

I was having trouble making it locate, via LABEL, the second partition of my USB stick.

I don't know, as I didn't test a usb with multiple partitions. I specified "partition 1" so that if someone came across this thread, it would be clear I used the UUID of the partition (e.g. /dev/sdb1) rather than the UUID of the USB device itself (e.g. /dev/sdb).

I didn't get it to work with LABEL at all, although after a few failures I simply switched to using UUID which is my preference in other configs anyway. In other words, I can't definitely say LABEL doesn't work, but it didn't for me.

Update: As it turns out for me, I can't get it to detect any USB drive, regardless if I use LABEL or UUID, whether the drive is FAT or some other filesystem type. It will detect SATA drives' partitions, though.

There is a "sleep 3" on line 620 of mkinitrd; I'm wondering if my USB drives need more time to get online so they'll be detected.

Are you generating the initrd using the full output of mkinitrd_command_generator.sh? Remember that the -K [...] options are added to the full output of the generator script.

No, I'm using, where the conf file has LUKSKEY in it.

Ok, well Slackware includes a handy script called mkinitrd_command_generator.sh that might help.

chroot into your slackware install and run:

This will output a customized mkinitrd command that may be quite long. Then retype that command verbatim to your prompt so you can actually execute it. Copy 'everything within the single quotes'

You can then append the -K UUID option to the end of the command.

see here:
https://mirror.math.princeton.edu/pu...ADME_CRYPT.TXT

and
https://docs.slackware.com/talk:slac...eginners_guide

and here is what the mkinitrd manual says about labels:
https://linux.die.net/man/8/mkinitrd

The "-m" option of my output includes many kernel modules:My mkinitrd.conf's MODULE_LIST was empty. Including those modules worked. thanks