timeout for cryptsetup keyscript=passdev
Hi List,
I'm trying to figure out how passdev works. I've setup fulldisk-encryption by selecting cryptsetup+lvm during install. After installation I added a keyfile and edited crypttab to serve the keyfile from a usbstick. With the usbstick plugged in I can successfully boot, but without I get a error message:
<initramfs-error-message>
Unable to stat /dev/disk/by-uuid/8148fe49-2590-48e7-97c2-9d005fb0a66
cryptsetup:cryptsetup failed, bad password or options?
Gave up waiting for root device. Common problems:
- Boot args (cat /proc/cmdline)
...
Dropping to shell!
</initramfs-error-message>
<system-info>
root@debian-4test:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.5 (wheezy)
Release: 7.5
Codename: wheezy
root@debian-4test:~# apt-show-versions cryptsetup
cryptsetup/wheezy uptodate 2:1.4.3-4
root@debian-4test:~# cat /etc/crypttab
sda5_crypt UUID=8098a26f-c137-40bc-9296-de5a03ff5930 /dev/disk/by-uuid/8148fe49-2590-48e7-97c2-9d005fb0a666:/keyfile.root:5 luks,keyscript=/lib/cryptsetup/scripts/passdev,tries=1
root@debian-4test:~# zless /usr/share/doc/cryptsetup/README.initramfs.gz | grep timeout
The "key" part of /etc/crypttab will be interpreted as <device>:<path>[:<timeout>],
The timeout option has to be in seconds.
root@debian-4test:~# tail -3 /etc/initramfs-tools/modules
uhci_hcd
ehci_hcd
usb_storage
</system-info>
Maybe I did something wrong or timeout is not working.
As I understand it, passdev should be able serve a keyfile and provide a fallback mode to enter a passphrase manually.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502598 (-- bugreport from 2008; passdev gets timeout option) for more information.
Thanks and best regards,
David
Reply to: