Since Debian 13 (Trixie), when using the default FDE which uses GRUB to decrypt the LUKS partition, I have a single attempt.
When the password is mistyped there is a long pause (over 10 seconds) and then the error appears.
I already tried increasing the max tries, which seems to be set to 1 when a keyfile is used.
The config/script seems to be in /usr/share/initramfs-tools/scripts/local-top/cryptroot.
I copied that to /etc/initramfs-tools/scripts/local-top/cryptroot and replaced the value CRYPTTAB_OPTION_tries=1 with 10 using find/replace (Ansible stuff).
I think this has no effect though, and doing so (might be a different issue) breaks boot entirely 💀
More info:
- By default, when legacy boot (BIOS) is available, Debian will install GRUB to the MBR. This is where it happens.
- When forcing or prioritizing legacy boot and using GPT, Debian somehow boots from a 300MB EFI partition; the same happens though, one attempt.
So, it is purely a software timeout and not hardware due to the key derivation algorithm? That's partly understandable and partly a security hole if it can be disabled so easily.