With my laptop I like to have use encryption and have a key on a removable USB drive. I’ve been doing this for a long time now. In order to do this I have to add the ext4 filesystem (the filesystem of the USB key, maybe I can try changing it to btrfs…) to dracut. The last step is updating dracut and here I run into an issue:
➜ sudo dracut -vf --regenerate-all
dracut[I]: Executing: /usr/bin/dracut --kver=6.13.11-200.fc41.x86_64 -vf
dracut[F]: Can't write to /boot/efi/c638990d56974584afdd5d4935fce577/6.13.11-200.fc41.x86_64: Directory /boot/efi/c638990d56974584afdd5d4935fce577/6.13.11-200.fc41.x86_64 does not exist or is not accessible.
dracut[I]: Executing: /usr/bin/dracut --kver=6.13.8-200.fc41.x86_64 -vf
dracut[F]: Can't write to /boot/efi/c638990d56974584afdd5d4935fce577/6.13.8-200.fc41.x86_64: Directory /boot/efi/c638990d56974584afdd5d4935fce577/6.13.8-200.fc41.x86_64 does not exist or is not accessible.
Which is correct, there is a /boot/efi/EFI/fedora or a BOOT and neither of them have that file in there. It seems that there is a config somewhere for dracut that is making it look in the wrong spot for the wrong thing.
You may need to disable composefs:
More info in this thread.
Nevermind, read what m2Giles said. This is way too advanced for me, I read /boot and thought it was due to composefs.
Sounds like that is coming in Fedora 42? Aurora stable as it is installed on my machine is still Fedora 41 based. Unless Kinoite moved to it in 41?
➜ cat /etc/os-release
NAME="Aurora"
VERSION="41.20250420 (Kinoite)"
RELEASE_TYPE=stable
ID=aurora
ID_LIKE="fedora"
VERSION_ID=41
VERSION_CODENAME=""
PLATFORM_ID="platform:f41"
Btw, I did reformat the USB drive to btrfs and it is working. I plan to build a workstation this weekend and use clevis/tang which usually also ends with a dracut command, although I’m not sure it will be needed as it looks like clevis is already installed.
You do not use dracut directly.
You use rpm-ostree initramfs.
For clevis, I’m unsure if we already have it enabled in the initramfs. If it is you just need to make sure that there is the proper meta data for luks.
2 Likes
You sent me on the correct path. I built my workstation and had to add clevis to dracut to get clevis and tang to work. I had to create /etc/dracut.conf.d/clevis.conf with:
add_drivers+=" clevis "
And the missing piece was after enabling initramfs generation sudo rpm-ostree initramfs --enable this command to regenerate the initramfs: sudo rpm-ostree initramfs-etc --force-sync. I imagine that would have worked with the original question since I was using the same technique to add a filesystem to dracut.
Edit: Clevis was already installed, but clevis-dracut was not. So, I did have to install that as well as activate the driver.