boot using keyfile with fallback to passphrase