Disk encryption requires all partition passwords

Hello Everyone

Thanks to the team for their good work.

Yesterday I installed Rocky 8.4 while encrypting the / and swap partitions. On the first run after install it required the password for the (/) root partition, then it asked for the swap password, while both are the same. I did not have that before when using CentOS 8.3.

Then for any restart / start of the machine it only asks for the encryption password for / but not for swap. But if I enter the (/) root partition password wrong, it asks for the password again, which is expected, and after that it asks for the swap partition.

Not sure if that is expected or if I am missing something here.

By the way, I am using LUKS version 2 and my installation has only 3 partitions: /, swap and /boot (boot cannot be encrypted, as you know).

Thanks for the time and have a nice day :slight_smile:

Hi @JustSomeone!
If you want to use only one password, you have to encrypt an LVM volume group, including the two logical volumes / and swap.

Ivan


Thanks @krono86, but the issue is that when I installed, it only asked for the password once for the encryption. If that was the case, it should ask for each partition's password.

The issue is that it asks for the swap and / passwords: if I entered it wrong then it asks for both, but if I enter it right it does not ask for the swap, only for the root.

Hope that makes it more clear now.

Thanks again and have a nice day :slight_smile:

Have you used “Automatic” or “Custom” partitioning?

Ivan

Custom,
and the layout is:

  1. /boot
  2. /
  3. swap

All are on the same hard drive.

Thanks again :slight_smile:

Ok!
If you want only one password to be needed, be sure to use LVM for both / and swap.
It’s also necessary that the two logical volumes are part of the same volume group (“rl” in the image):

Under the “Volume Group” menu, click on modify and set “Encrypt” to enabled:

You will see the changes take effect on the swap logical volume too:

Now, I’m pretty sure the system will ask for the password only one time.

Ivan

That is the case.
The main point here:

When the device boots,

I have to enter the password of the root partition, which is fine.

If the password is correct, then the device boots as it should.

If the password is wrong, then I have to retype it, which is expected, but then I have to type the password for the swap partition,

which is the same for both, as it was only asked for once in the installation process.

So it asks for swap only and only if I type the / password wrong.

Thanks again for all the time and effort.

Ok, now I understand!
I’m on a freshly installed system, and I’m not able to replicate your issue.
When I type a wrong password, I have to retype that only one time.

Ivan

Thanks a lot @krono86.
I will try to dive more into it, maybe I am missing something.

Thanks again and have a nice day :slight_smile:

Please, report the output of lsblk.
It’s a strange behaviour.

Ivan

Sure, and thanks a lot for your time.

I agree, but I am new to the Linux world, that is why I was not sure if it is a bug or a new feature or if I am missing something.

Thanks again :slight_smile:

Here it is!
You have configured your volumes as LUKS-on-LVM. You need LVM-on-LUKS.
Reinstall the system using my suggestions and you will solve it.

Ivan


Thanks a lot, I will try it, but I have a question.

Why does it behave like that only when I enter the wrong password for the root?
Shouldn't it always ask for both passwords (/ and swap)?

Thanks again and have a nice day :slight_smile:

This is strange.
Maybe your swap volume is decrypted using a key file stored on the root volume.
When you correctly decrypt root, the key file is found and the swap volume is correctly decrypted; when you type a bad passphrase for the root volume, you are prompted to insert a valid passphrase for the swap volume, and then you have to retype your passphrase for the root volume too.

Ivan

The problem is that when I type it wrong, it asks for the root password again and then the swap.

And is there a way to dive into that to trace it?

Sorry, I am not an expert in the Linux world.

And thanks a lot for your time and help.

Hi @JustSomeone

This is normal behaviour because you created two encrypted partitions instead of encrypting the entire LVM volume group. Had you done it how @krono86 mentioned then you wouldn’t have this problem since you would be entering it solely for the LVM group. Since the group is encrypted, the passwords are not per partition level.

You are not going to fix it by leaving your system as it is. @krono86 provided you with screenshots on how you should be installing the system, and your screenshot shows that it doesn’t match and it’s clear to see that you encrypted root and swap separately.

I too had it done like you once, and it’s not possible to resolve. Do it the way that has been suggested. In fact, on my system I had encrypted every partition separately like you, also used the same password for each partition, but then it asked me 5 times to enter the password for each partition as I had swap, /, /usr, /var and /tmp and it didn’t matter whether the password was the same or not. You are lucky that it does actually attempt to use it for the second partition. Obviously when you entered a failed one, it then forces you to enter it for all partitions separately. Only when I encrypted the LVM group did I resolve the problem, so this is the solution.
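
An added example, not part of any post in this thread: a small Python check that tells LUKS-on-LVM from LVM-on-LUKS using the tree that `lsblk --json -o NAME,TYPE,FSTYPE` prints, and lists the LUKS containers that have to be unlocked. The sample trees and device names are constructed; only the volume group name "rl" comes from the thread.

```python
import json
import sys

def dev(name, typ, fstype, *children):
    """Build one node shaped like `lsblk --json -o NAME,TYPE,FSTYPE` output."""
    return {"name": name, "type": typ, "fstype": fstype, "children": list(children)}

# Constructed samples (device names are made up; "rl" is the VG name from the thread).
LUKS_ON_LVM = {"blockdevices": [dev("sda", "disk", None,
    dev("sda1", "part", "xfs"),
    dev("sda2", "part", "LVM2_member",
        dev("rl-root", "lvm", "crypto_LUKS", dev("luks-root", "crypt", "xfs")),
        dev("rl-swap", "lvm", "crypto_LUKS", dev("luks-swap", "crypt", "swap"))))]}

LVM_ON_LUKS = {"blockdevices": [dev("sda", "disk", None,
    dev("sda1", "part", "xfs"),
    dev("sda2", "part", "crypto_LUKS",
        dev("luks-pv", "crypt", "LVM2_member",
            dev("rl-root", "lvm", "xfs"),
            dev("rl-swap", "lvm", "swap"))))]}

def classify(tree):
    """Return (layout, names of LUKS containers) for an lsblk JSON tree."""
    containers, layouts = [], set()

    def walk(node, ancestor_types):
        if node.get("fstype") == "crypto_LUKS":
            if node["name"] not in containers:      # an LV can be listed under several PVs
                containers.append(node["name"])
            if "lvm" in ancestor_types or node.get("type") == "lvm":
                layouts.add("LUKS-on-LVM")          # encryption sits on top of a logical volume
        if node.get("type") == "lvm" and "crypt" in ancestor_types:
            layouts.add("LVM-on-LUKS")              # logical volume sits inside an opened container
        for child in node.get("children") or []:
            walk(child, ancestor_types + [node.get("type")])

    for top in tree["blockdevices"]:
        walk(top, [])
    if not containers:
        return "unencrypted", containers
    if len(layouts) > 1:
        return "mixed", containers
    return (layouts.pop() if layouts else "plain LUKS partitions"), containers

if __name__ == "__main__":
    # Real use: lsblk --json -o NAME,TYPE,FSTYPE | python3 this_script.py
    tree = json.load(sys.stdin) if not sys.stdin.isatty() else LUKS_ON_LVM
    layout, containers = classify(tree)
    print(f"{layout}: {len(containers)} LUKS container(s) to unlock: {containers}")
```

Two containers in the first sample means two separate unlock operations at boot, while the second sample has a single container holding both logical volumes.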

Thanks a lot @iwalker for the details,

and thanks to @krono86 also,

and have a nice day, both of you :slight_smile:
