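I am trying to install Kubuntu 19.04 on an encrypted system drive using LUKS. The installation completes, but GRUB does not ask for a password and the system fails to boot.
I found some other questions about this problem, but they lead to dead links or tell me to set CRYPTFS=y and run update-initramfs. I think this is already the default in Ubuntu 19.04, but I tried it anyway and it did not work.
How do I get GRUB to ask for a password at boot?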
Summary
- Disk:
  - /dev/sda1: /boot/efi, unencrypted
  - /dev/sda2: /boot, unencrypted
  - /dev/sda3, /dev/mapper/cryptroot: /, encrypted
- Install Kubuntu using the mount points above
- Add cryptdevice=UUID=6d5b5f47-58e8-4a9c-89c8-4f503f35ff3f:cryptroot root=/dev/mapper/cryptroot to /etc/default/grub in the chroot and run update-grub there
- I see GRUB, see the Kubuntu splash screen, and then only a blinking underscore
Details
- Boot from the Live CD
- Partition the disk using sudo fdisk /dev/sda:
  - /dev/sda1: EFI System
  - /dev/sda2: Linux filesystem
  - /dev/sda3: Linux filesystem

    Welcome to fdisk (util-linux 2.33.1).
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.

    Device does not contain a recognized partition table.
    Created a new DOS disklabel with disk identifier 0x087d3a28.

    Command (m for help): g
    Created a new GPT disklabel (GUID: 73F157B8-7425-7844-AE8E-3A46EF2ED5A4).

    Command (m for help): n
    Partition number (1-128, default 1):
    First sector (2048-20971486, default 2048):
    Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-20971486, default 20971486): +128M

    Created a new partition 1 of type 'Linux filesystem' and of size 128 MiB.

    Command (m for help): t
    Selected partition 1
    Partition type (type L to list all types): 1
    Changed type of partition 'Linux filesystem' to 'EFI System'.

    Command (m for help): n
    Partition number (2-128, default 2):
    First sector (264192-20971486, default 264192):
    Last sector, +/-sectors or +/-size{K,M,G,T,P} (264192-20971486, default 20971486): +512M

    Created a new partition 2 of type 'Linux filesystem' and of size 512 MiB.

    Command (m for help): n
    Partition number (3-128, default 3):
    First sector (1312768-20971486, default 1312768):
    Last sector, +/-sectors or +/-size{K,M,G,T,P} (1312768-20971486, default 20971486):

    Created a new partition 3 of type 'Linux filesystem' and of size 9.4 GiB.

    Command (m for help): w
    The partition table has been altered.
    Calling ioctl() to re-read partition table.
    Syncing disks.
- Encrypt the root partition using:

    sudo cryptsetup -y -v luksFormat --type luks2 /dev/sda3

- Open the encrypted drive using:

    sudo cryptsetup open /dev/sda3 cryptroot

- Format the partitions:
  - EFI partition:

        sudo mkfs.vfat /dev/sda1

  - Boot partition:

        sudo mkfs.ext4 /dev/sda2

  - Root partition:

        sudo mkfs.ext4 /dev/mapper/cryptroot

- Install Kubuntu using these devices (/dev/sda1, /dev/sda2 and /dev/mapper/cryptroot)
- Chroot into the installed Kubuntu:
  - Mount the required devices:

        sudo mount /dev/mapper/cryptroot /mnt
        sudo mount --bind /dev /mnt/dev
        sudo mount --bind /sys /mnt/sys
        sudo mount --bind /proc /mnt/proc
        sudo mount /dev/sda2 /mnt/boot

  - Enter the chroot:

        sudo chroot /mnt

- Adjust the kernel parameters (/etc/default/grub):

    GRUB_CMDLINE_LINUX="cryptdevice=UUID=6d5b5f47-58e8-4a9c-89c8-4f503f35ff3f:cryptroot root=/dev/mapper/cryptroot"

  I also tried:

    GRUB_CMDLINE_LINUX="rd.luks.name=6d5b5f47-58e8-4a9c-89c8-4f503f35ff3f=cryptroot root=/dev/mapper/cryptroot"

- Run update-grub
- A step is missing here (see the answer)
- Reboot; when I boot without quiet I see the following output:

    [some other output]
    Begin: Loading essential drivers ... done.
    Begin: Running /scripts/init-premount ... done.
    Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
    Begin: Running /scripts/local-premount ... done.
    Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... done.
    done.
    Gave up waiting for root file system device. Common problems:
     - Boot args (cat /proc/cmdline)
       - Check rootdelay= (did the system wait long enough?)
     - Missing modules (cat /proc/modules; ls /dev)
    ALERT! /dev/mapper/cryptroot does not exist. Dropping to a shell!
    [BusyBox shell]
Answer 1
Well, I was only missing one step, which I found here.
Basically, in the chroot, I had to create /etc/crypttab with the following content:

    cryptroot UUID=6d5b5f47-58e8-4a9c-89c8-4f503f35ff3f none luks

and then run update-initramfs -u -k all.
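
Added example, not part of the original question or answer: a shell check that the root=/dev/mapper/NAME mapping on the kernel command line has an /etc/crypttab entry with the expected LUKS UUID, which is the step the answer found missing. The function names are hypothetical; the demo uses the crypttab line and UUID from the post, written to a temporary file as constructed input.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.

# crypttab_source NAME FILE: print the source field of the entry called NAME.
crypttab_source() {
    awk -v name="$1" '
        $1 ~ /^#/ { next }                        # skip comment lines
        $1 == name { print $2; found = 1; exit }  # field 2 is the source device
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# root_mapper_name CMDLINE: print NAME from root=/dev/mapper/NAME.
root_mapper_name() {
    for arg in $1; do
        case "$arg" in
            root=/dev/mapper/*) echo "${arg#root=/dev/mapper/}"; return 0 ;;
        esac
    done
    return 1
}

# check_root_unlock CMDLINE CRYPTTAB LUKS_UUID
# Returns 0 if the root mapping is declared with that UUID,
# 1 if the entry is missing or mismatched, 2 if root= is not a mapper device.
check_root_unlock() {
    name=$(root_mapper_name "$1") || {
        echo "root= does not point at /dev/mapper/*"; return 2; }
    src=$(crypttab_source "$name" "$2") || {
        echo "no crypttab entry for $name: the initramfs cannot unlock it"; return 1; }
    [ "$src" = "UUID=$3" ] || {
        echo "crypttab source $src does not match UUID=$3"; return 1; }
    echo "ok: $name -> $src"
}

# Constructed demo input: the crypttab line and UUID given in the post.
demo_uuid=6d5b5f47-58e8-4a9c-89c8-4f503f35ff3f
demo_tab=$(mktemp)
echo "cryptroot UUID=$demo_uuid none luks" > "$demo_tab"
check_root_unlock "root=/dev/mapper/cryptroot ro" "$demo_tab" "$demo_uuid"
rm -f "$demo_tab"
```

On an installed system the three arguments would be "$(cat /proc/cmdline)", /etc/crypttab and the output of sudo cryptsetup luksUUID /dev/sda3; after correcting the file, update-initramfs -u -k all has to be run again, as the answer says.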