Hi! I've followed the doc / template to set up an encrypted system on my laptop: --8<---------------cut here---------------start------------->8--- (mapped-devices (list (mapped-device (source (uuid "12345678-1234-1234-1234-123456789abc")) (target "my-root") (type luks-device-mapping)))) (file-systems (append (list (file-system (device (file-system-label "my-root")) (mount-point "/") (type "ext4") (dependencies mapped-devices)) (file-system (device (uuid "1234-ABCD" 'fat)) (mount-point "/boot/efi") (type "vfat"))) %base-file-systems)) --8<---------------cut here---------------end--------------->8--- Problem is, I get prompted for the LUKS password twice: once before GRUB starts and once when booting an OS entry. This is rather annoying (and quite slow by the way, it takes some 10-20 seconds) and probably not too useful. Is it possible to prompt for the password only once? I suppose that one way to do this is to make /boot a separate file system beside /boot/efi. All in all, the configuration would look like this: --8<---------------cut here---------------start------------->8--- (mapped-devices (list (mapped-device (source (uuid "12345678-1234-1234-1234-123456789abc")) (target "my-root") (type luks-device-mapping)))) (file-systems (append (list (file-system (device (file-system-label "my-root")) (mount-point "/") (type "ext4") (dependencies mapped-devices)) (file-system (device (file-system-lavel "boot") (mount-point "/boot") (type "ext4")) (file-system (device (uuid "1234-ABCD" 'fat)) (mount-point "/boot/efi") (type "vfat"))) %base-file-systems)) --8<---------------cut here---------------end--------------->8--- We should probably update the doc and templates to explain this subtlety, since mistakes in the partition design are hard to recover after the fact :) Insights? -- Pierre Neidhardt https://ambrevar.xyz/