So I dd’ed my root partition, changed its luksUUID, updated crypttab to point / to the new luksUUID, ran dracut to rebuild the initrd, and rebooted, only to find out that it’s somehow still unlocking, mounting and booting me from the old root partition.
How at bootup is it still unlocking the old root if its UUID is not in crypttab anymore?
If I unplug the drive with the original root, on reboot the computer complains that it can’t find the old LUKS partition to unlock, thus can’t find /, and drops me into the initrd shell. I couldn’t find cryptsetup in the initrd shell. Is there a way to unlock a LUKS partition from within the initrd shell, vgscan it, mount root and continue booting?
Finally, can I manually unpack the initrd image and repoint cryptsetup to the new root UUID? Or is there a better way to do that?
Check if it really was regenerated in /boot.
Also regenerate grub as well.
It did. I created another encrypted partition and added it to crypttab as a sanity check. At boot it asked for a password twice, for the original root and this new partition, and I also confirmed that it unlocked the test partition and added it to /dev/mapper/. I also rebuilt grub with grub2-mkconfig.
Same results: somehow it’s still unlocking and using the old root.
You can unpack the initramfs to the current directory with this command:
sudo lsinitrd --unpack /boot/initramfs....img
And then check what’s inside.
Side note: when I regenerate the initramfs with dracut --regenerate-all -f I get a cat: /sys/power/resume: No such file or directory error scrolling by a few times. But after I unpacked it, etc/crypttab inside is completely empty. Still new at this, so poking around; anything specific I should look out for?
So to answer my own question: cryptsetup was not in my initramfs by default. To add it I used dracut --install "$(which cryptsetup)"; it adds cryptsetup to your initramfs.
The luks-UUID of the root partition resides in /etc/default/grub, in the GRUB_CMDLINE_LINUX= argument; grub2-mkconfig pulls it from there when building grub.cfg.
You need to add the force option in /etc/crypttab.
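
The mismatch identified in the thread (GRUB_CMDLINE_LINUX still naming the old root's LUKS UUID after crypttab was changed) can be checked with a short script. This is an added example, not part of any post above; it assumes the UUID is passed as dracut's rd.luks.uuid= kernel argument, and the function names and sample UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find LUKS UUIDs that GRUB passes to
# the initramfs but that /etc/crypttab no longer lists.

# UUIDs from rd.luks.uuid= in GRUB_CMDLINE_LINUX*, "luks-" prefix removed.
grub_luks_uuids() {
    grep -E '^GRUB_CMDLINE_LINUX(_DEFAULT)?=' "$1" |
        tr -d "\"'" |
        grep -oE 'rd\.luks\.uuid=[^[:space:]]+' |
        sed -e 's/^rd\.luks\.uuid=//' -e 's/^luks-//' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# UUIDs from the second field of active (non-comment) crypttab lines.
crypttab_uuids() {
    awk '!/^[[:space:]]*#/ && $2 ~ /^UUID=/ { print substr($2, 6) }' "$1" |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Print every UUID GRUB still requests that crypttab does not know about.
stale_grub_uuids() {
    known=$(crypttab_uuids "$2")
    for uuid in $(grub_luks_uuids "$1"); do
        printf '%s\n' "$known" | grep -qxF "$uuid" || printf '%s\n' "$uuid"
    done
}

# Constructed sample files: GRUB still names the old root, crypttab the new.
write_sample() {
    cat > "$1/grub" <<'EOF'
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-11111111-aaaa-4bbb-8ccc-000000000001 rd.lvm.lv=vg/root rhgb quiet"
EOF
    cat > "$1/crypttab" <<'EOF'
# luks-11111111-aaaa-4bbb-8ccc-000000000001 UUID=11111111-aaaa-4bbb-8ccc-000000000001 none
luks-22222222-aaaa-4bbb-8ccc-000000000002 UUID=22222222-aaaa-4bbb-8ccc-000000000002 none discard
EOF
}

# "--live" checks the real files; with no argument nothing is executed.
if [ "${1:-}" = "--live" ]; then
    stale_grub_uuids /etc/default/grub /etc/crypttab
fi
```

Run with --live, any UUID printed is one that the kernel command line still requests although crypttab no longer lists it; empty output means the two files agree.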