I have Ubuntu 20.04 installed with /root, swap, and /home as logical volumes inside a LUKS2 container and a separate /boot inside a LUKS1 container. I would like the /boot partition to not be automatically mounted on boot so it stays encrypted during normal operation. I've tried adding noauto to both /etc/fstab and /etc/crypttab, but I'm still asked for the /boot partition password at startup and /boot still gets mounted. I found this question which said that it might be because the EFI system partition is automatically mounted, so I added noauto to the ESP in /etc/fstab too. This prevented the ESP from being automatically mounted, but /boot still gets mounted. The only way I was able to prevent his was to remove the entry from /etc/fstab or /etc/crypttab, but I would like to keep the entry.
Here's /etc/crypttab:
cryptboot UUID=... none luks,discard,noautocryptdrive UUID=... none luks,discardAnd /etc/fstab:
/dev/mapper/ubuntu--vg-root / ext4 erros=remount-ro 0 1/dev/mapper/cryptboot /boot ext4 noauto 0 2UUID=5E3C-E672 /boot/efi vfat umask=0077,noauto 0 1/dev/mapper/ubuntu--vg-home /home ext4 defaults 0 2/dev/mapper/ubuntu--vg-swap none swap sw 0 0