
Re: luks, crypttab: why 3 partition only 2 passphrases entered



Hi,

On Aug/01/2018, David Christensen wrote:
> On 08/01/2018 03:47 PM, Carles Pina i Estany wrote:

> > The question is:
> > "Please unlock disk m2_root_crypt:"
> > 
> > I expected to write the password three times.
> 
> Given your crypttab, above, I agree that you should have to enter three
> passphrases.

I've been investigating and I'm still puzzled.

The findings can be summarized:
a) If I boot the kernel with break=premount and then execute
/scripts/local-top/cryptroot: I need to enter the passphrase three times
as expected instead of two. The last time, the prompt looks a bit different, in
bold (probably comes from systemd?).

b) If I boot the kernel with the parameter "debug" and then I execute
journalctl I can see:
"""
ago 02 23:30:05 pinux systemd-cryptsetup[498]: Added key to keyring as 604875905.
"""

And if I execute keyctl show:
root@pinux:~# keyctl show
Session Keyring
 935647640 --alswrv      0 65534  keyring: _uid_ses.0
 575581655 --alswrv      0 65534   \_ keyring: _uid.0
 604875905 --alswrv      0     0       \_ user: cryptsetup
root@pinux:~# 

If I wait a bit (more than 90 seconds was the default timeout?):
root@pinux:~# keyctl show
Session Keyring
 935647640 --alswrv      0 65534  keyring: _uid_ses.0
 575581655 --alswrv      0 65534   \_ keyring: _uid.0
root@pinux:~# 

But I thought that keyrings were only used by decrypt_keyctl in /etc/crypttab?
Where is this added? My initrd doesn't have keyctl installed.

All of this might be a red herring...

If you have any more ideas, please let me know,

-- 
Carles Pina i Estany
	Web: http://pinux.info || Blog: http://pintant.cat
	GPG Key 0x8CD5C157
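
An added example, not part of the original message: a small Python parser for the `keyctl show` output quoted above. It ties the serial logged by systemd-cryptsetup to the `user: cryptsetup` key and reports that the key is gone in the second snapshot. The function names are hypothetical; the sample data is copied from the message.

```python
import re
from collections import namedtuple

# Sample data copied from the message above (journal line and both keyctl runs).
JOURNAL = "ago 02 23:30:05 pinux systemd-cryptsetup[498]: Added key to keyring as 604875905."
BEFORE = r"""Session Keyring
 935647640 --alswrv      0 65534  keyring: _uid_ses.0
 575581655 --alswrv      0 65534   \_ keyring: _uid.0
 604875905 --alswrv      0     0       \_ user: cryptsetup
"""
AFTER = r"""Session Keyring
 935647640 --alswrv      0 65534  keyring: _uid_ses.0
 575581655 --alswrv      0 65534   \_ keyring: _uid.0
"""

Key = namedtuple("Key", "serial perm uid gid type desc parent")
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(-?\d+)\s+(-?\d+)(\s+)(?:\\_ )?([\w.]+): (.*)$")

def parse_keyctl_show(text):
    """Parse `keyctl show` output; the parent keyring is inferred from indentation."""
    keys, stack = [], []          # stack holds (indent_width, keyring description)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:                 # header line ("Session Keyring") or a shell prompt
            continue
        serial, perm, uid, gid, indent, ktype, desc = m.groups()
        while stack and stack[-1][0] >= len(indent):
            stack.pop()
        parent = stack[-1][1] if stack else None
        keys.append(Key(int(serial), perm, int(uid), int(gid), ktype, desc.strip(), parent))
        if ktype == "keyring":
            stack.append((len(indent), desc.strip()))
    return keys

def logged_serial(journal_line):
    """Serial from an 'Added key to keyring as N.' journal line, else None."""
    m = re.search(r"Added key to keyring as (\d+)", journal_line)
    return int(m.group(1)) if m else None

def cryptsetup_keys(keys):
    """Keys of type 'user' with description 'cryptsetup', as in the output above."""
    return [k for k in keys if k.type == "user" and k.desc == "cryptsetup"]

def expired_between(before, after):
    """Keys present in the first snapshot but missing from the second."""
    still_present = {k.serial for k in after}
    return [k for k in before if k.serial not in still_present]

if __name__ == "__main__":
    before, after = parse_keyctl_show(BEFORE), parse_keyctl_show(AFTER)
    for k in cryptsetup_keys(before):
        print(k, "matches journal:", k.serial == logged_serial(JOURNAL))
    print("expired:", [k.serial for k in expired_between(before, after)])
```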

