luks, crypttab: why 3 partition only 2 passphrases entered
I have a Debian Stretch and recently I added a new cyphered partition.
All works well but I don't understand why and it's bothering me.
$ cat /etc/crypttab
m2_root_crypt UUID=4e655198-a111-... none luks,discard
m2_swap_crypt UUID=56485640-8a04-... none luks,discard
ssd_dades_crypt UUID=8d1d855d-17a7-... none luks,discard
All three partitions have the same passphrase.
On restart I'm asked for two passwords:
The question is:
"Please unlock disk m2_root_crypt:"
I expcted to write the password three times.
My only theory is that after the root partition is decyphered it's also
mounted and then systemd-ask-password is used somehow (how?) and
--keyname= is used to "Configure a kernel keyring key name". I haven't
tested or seen scripts that do this.
I'm reading initrd scripts/local-top/cryptroot and bin/cryptoot-unlock
(where I can see the string "Please unlock disk") and I don't see
anything like this happening. Maybe initrd lib/cryptsetup/askpass is
A question would be:
a) How to enter the passphrase only once?
b) When/where (scripts) and how is the passphrase stored?
This is just to know as the system is working perfectly.
Thanks for reading all of this!
Carles Pina i Estany
Web: http://pinux.info || Blog: http://pintant.cat
GPG Key 0x8CD5C157