
luks, crypttab: why 3 partition only 2 passphrases entered


I have a Debian Stretch and recently I added a new cyphered partition.
All works well but I don't understand why and it's bothering me.

$ cat /etc/crypttab
m2_root_crypt UUID=4e655198-a111-... none luks,discard
m2_swap_crypt UUID=56485640-8a04-... none luks,discard
ssd_dades_crypt UUID=8d1d855d-17a7-... none luks,discard

All three partitions have the same passphrase.

On restart I'm asked for two passwords:

The question is:
"Please unlock disk m2_root_crypt:"

I expected to write the password three times.

My only theory is that after the root partition is decyphered it's also
mounted and then systemd-ask-password is used somehow (how?) and
--keyname= is used to "Configure a kernel keyring key name". I haven't
tested or seen scripts that do this.

I'm reading initrd scripts/local-top/cryptroot and bin/cryptroot-unlock
(where I can see the string "Please unlock disk") and I don't see
anything like this happening. Maybe initrd lib/cryptsetup/askpass is
doing it?

A question would be:
a) How to enter the passphrase only once?
b) When/where (scripts) and how is the passphrase stored?

This is just to know as the system is working perfectly.

Thanks for reading all of this!

Carles Pina i Estany
	Web: http://pinux.info || Blog: http://pintant.cat
	GPG Key 0x8CD5C157
