Encrypted /boot password has to be entered twice

To: debian-user@lists.debian.org
Subject: Encrypted /boot password has to be entered twice
From: john doe <johndoe65534@mail.com>
Date: Tue, 25 Feb 2020 11:30:42 +0100
Message-id: <[🔎] 166580fd-2e5d-56c7-66f9-d0cb5a3488f4@mail.com>

Hi all, when encrypting /boot on Buster after a fresh install of Debian
with encrypted lvm, I need to enter three times a passthrase (two times
foor /boot, one time foor /root)

"...

GRUB loading..
Welcome to GRUB!

Attempting to decrypt master key...
Enter passphrase for hd0,msdos1 (...):
Slot 0 opened

..

                            GNU GRUB  version 2.04-5

   The highlighted entry will be executed automatically in 0s.

...

  Booting `Debian GNU/Linux'

  Volume group "debian-bustervm-vg" not found
  Cannot process volume group debian-bustervm-vg
  Volume group "debian-bustervm-vg" not found
  Cannot process volume group debian-bustervm-vg
Please unlock disk sda5_crypt:
cryptsetup: sda5_crypt: set up successfully
/dev/mapper/debian--buster--try02vm--vg-root: clean, 38666/507904 files,
434177s
Please enter passphrase for disk QEMU_HARDDISK (boot_crypt): ***"

I don't understand why after boot is encrypted the above passthrase
prompt ask me to enter this passthrase for the second time for the boot
partition.
Why is that so and how can I avoid this extra step?

I'm testing here in a qemu VM.

I use (1) to encrypt  the boot partition.

1)  https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

--
John Doe

Reply to:

Follow-Ups:
- Re: Encrypted /boot password has to be entered twice
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: One more thing about slim: It may no longer be a Maintained Package
Next by Date: Re: Modern automounters and umount
Previous by thread: Re: Buster won't boot with Xen hypervisor
Next by thread: Re: Encrypted /boot password has to be entered twice
Index(es):
- Date
- Thread