Public bug reported:
Subject/Title: [25.10] Dracut + TPM2 auto-unlock hangs at password
prompt until "Enter" key press (ZFS on Root)
Affected Package: dracut-core, plymouth, systemd
System Information:
OS: Ubuntu 25.10 (Plucky Puffin)
Filesystem: ZFS on Root (standard Ubuntu layout with keystore-rpool LUKS
wrapper)
Init System: Dracut
Encryption: LUKS2 with TPM2 enrollment (systemd-cryptenroll)
Description: On a fresh install of Ubuntu 25.10 using ZFS on Root,
enabling TPM2 auto-unlock via systemd-cryptenroll results in a boot
process that hangs at the password prompt.
The TPM successfully unlocks the volume in the background, but the boot
process does not continue automatically. The user is presented with the
standard "Please enter passphrase" prompt. Pressing the Enter key (with
no password typed) immediately proceeds with the boot, confirming that
the key slot was already unlocked.
The issue appears to be a race condition or a signaling failure between
systemd-cryptsetup, plymouth, and the dracut initramfs environment,
where the successful unlock event does not terminate the password prompt
agent.
Steps to Reproduce:
Install Ubuntu 25.10 with ZFS on Root (encrypted).
Install TPM tools: sudo apt install tpm2-tools systemd-oomd
Enroll the TPM for the ZFS keystore: sudo systemd-cryptenroll
--tpm2-device=auto --tpm2-pcrs=0+7 /dev/zvol/rpool/keystore
Update /etc/crypttab to include tpm2-device=auto for the keystore-rpool.
Create a Dracut override to ensure TPM modules are loaded (as they are
not included by default):
Bash
# /etc/dracut.conf.d/10-tpm-zfs.conf
add_dracutmodules+=" tpm2-tss "
install_items+="/etc/crypttab"
Regenerate boot image: sudo dracut -f
Reboot.
Expected Behavior: The system boots, briefly queries the TPM, unlocks
the drive, and proceeds to the login screen without user intervention.
Actual Behavior: The system boots and stops at the plymouth passphrase
prompt. It waits indefinitely.
If the user types the password, it boots.
If the user presses "Enter" (empty password), it also boots immediately.
Workarounds Attempted:
Removing splash from GRUB_CMDLINE_LINUX_DEFAULT: Failed (Text prompt
still requires Enter).
Adding rd.auto=1 to Grub: Failed.
Uninstalling plymouth entirely: Success (Boot proceeds automatically
without keypress, confirming the issue lies in the Plymouth/Dracut
interaction).
Logs/Config: Current /etc/crypttab:
Plaintext
dm_crypt-0 PARTUUID=[UUID] /dev/urandom
cipher=aes-cbc-essiv:sha256,initramfs,plain,size=256,swap
keystore-rpool /dev/zvol/rpool/keystore none luks,discard,tpm2-device=auto
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: dracut 108-3ubuntu3
ProcVersionSignature: Ubuntu 6.17.0-6.6-generic 6.17.1
Uname: Linux 6.17.0-6-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.33.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Sun Nov 23 07:22:30 2025
DracutModulesPackages:
dracut-core 108-3ubuntu3
zfs-dracut 2.3.4-1ubuntu2
InstallationDate: Installed on 2025-11-22 (0 days ago)
InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Release amd64 (20251007)
PackageArchitecture: all
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/usr/bin/fish
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: dracut
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: dracut (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug questing wayland-session
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2132242
Title:
[25.10] Dracut + TPM2 auto-unlock hangs at password prompt until
"Enter" key press (ZFS on Root)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dracut/+bug/2132242/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
