I need a piece of advice concerning an encrypted root partition on Fedora 26. I'm
running a custom manual setup created using dnf.
* The installation procedure is outlined in this tread -- and quite likely irrelevant to
this question anyway:
* The disk layout is described in this comment:
Unlike Fedora 23 and 24, both of which booted just fine, Fedora 26 has two glitches
related to my encrypted LUKS root partition:
1. Dracut fails to automatically add the crypt module. It doesn't seem to care about
LUKS-related settings in /etc/default/grub and/or about the fact that the system runs off
an encrypted volume. I had to manually add add_dracutmodules+="crypt" into
/etc/dracut.conf, or else I wouldn't get a password prompt on boot and the early
systemd would freeze waiting for the root partition to appear. It works normally with
2. Possibly as a consequence of (1), systemd doesn't realize that the root partition
has been already activated and luksOpen'ed at boot time and keeps trying to unlock it
over and over. The consoles are spammed by messages like this one, basically on every sudo
Password entry required for 'Please enter passphrase for disk cryptprdell-luks
(plainprdell)!' (PID 5492).
Please enter password with the systemd-tty-ask-password-agent tool!
Of course I tried to run the systemd-tty-ask-password-agent tool and type in the password.
But then systemctl --failed showed a failure in systemd-cryptsetup(a)plainprdell.service,
the auto-generated unit for the LUKS volume. Presumably, journalctl revealed that the
error message had been "Failed to activate: Device or resource busy". Well,
that's indeed what happens when you try to open a LUKS volume that's already
If I don't use systemd-tty-ask-password-agent at all, systemctl status permanently
shows "starting" and never reaches "running", because of the LUKS
volume it thinks it needs to activate. (I tried systemctl disable, but nope, that had no
This appears to have something in common with an ancient bug from 2013:
Has anything changed (1) in the way Dracut finds out whether the crypt module is needed
(which worked at least up to Fedora 24) or (2) in the way systemd generates its automatic
units for encrypted volumes? Something must have changed, but I have no idea what it is
and how to get the old behavior back. :-/
My /etc/default/grub and /etc/crypttab are attached. The current kernel version is