From 555f0ba6cf5c8127be2a10f506f19dcfb74fa906 Mon Sep 17 00:00:00 2001
From: Teo Mrnjavac <teo@kde.org>
Date: Thu, 17 Nov 2016 18:14:37 +0100
Subject: [PATCH] Don't include keyfile in initramfs on unencrypted /boot.

---
 src/modules/initcpiocfg/main.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/modules/initcpiocfg/main.py b/src/modules/initcpiocfg/main.py
index 9aebe725f..5a0d028da 100644
--- a/src/modules/initcpiocfg/main.py
+++ b/src/modules/initcpiocfg/main.py
@@ -94,6 +94,7 @@ def modify_mkinitcpio_conf(partitions, root_mount_point):
     files = []
     encrypt_hook = False
     openswap_hook = False
+    unencrypted_separate_boot = False
 
     # It is important that the plymouth hook comes before any encrypt hook
     plymouth_bin = os.path.join(root_mount_point, "usr/bin/plymouth")
@@ -112,9 +113,13 @@ def modify_mkinitcpio_conf(partitions, root_mount_point):
         if partition["mountPoint"] == "/" and "luksMapperName" in partition:
             encrypt_hook = True
 
+        if partition["mountPoint"] == "/boot" and "luksMapperName" not in partition:
+            unencrypted_separate_boot = True
+
     if encrypt_hook:
         hooks.append("encrypt")
-        if os.path.isfile(os.path.join(root_mount_point, "crypto_keyfile.bin")):
+        if not unencrypted_separate_boot and \
+           os.path.isfile(os.path.join(root_mount_point, "crypto_keyfile.bin")):
             files.append("/crypto_keyfile.bin")
 
     if swap_uuid is not "":