Been through TSA twice since last reply and my computer still works. More interested in preventing unauthorized access to the device if I leave it at home when I can’t protect it from evil maids who (impossibly?) can break zxcvbn “Centuries” 4 passwords or preform cold boot attacks.
Bringing together input from multiple sources since then, I think I have to start by editing crypttab back to the original line (which might be slightly difficult because I didn’t record the default) then re-start the systmd cryptsetup service and exit the shell. If it boots normally, then, only from full terminal can I try re-editing crypttab again. This will get very tedious if my next attempt at disk naming is not correct and I have to cycle through again. There is no way to do all this just from emergency shell, right?
Ok. Now as far as I can tell, the crucial part is the disk nomenclature.
bpreto has
nvme0n1p3_crypt UUID=xxx
I have
uuddev/sda3 /dev/disk/by-uuid/xxx
for line start in crypttab
udev has symbolic links (# file *) that need to match I think.
From shell I can’t get to boot parameters with GRUB_CMDLINE=rd.luks.uuid=luks-machine-id. I am not sure if I should name the two disk “aliases” with some part of boot parameters like rd.luks. Trial and error will be very time consuming since all the commands can’t be done from emergency shell and everything has to be cycled again. @w4tsn 4wtsn