Re: luks, crypttab: why 3 partition only 2 passphrases entered
Hi,
On Aug/01/2018, David Christensen wrote:
> On 08/01/2018 03:47 PM, Carles Pina i Estany wrote:
> > The question is:
> > "Please unlock disk m2_root_crypt:"
> >
> > I expcted to write the password three times.
>
> Given your crypttab, above, I agree that you should have to enter three
> passphrases.
I've been investigating and I'm still puzzled.
The findings can be resumed:
a) If I boot the kernel with break=premount and then execute
/scripts/local-top/cryptroot: I need to enter the passphrase three times
as expected instead of two. Last one I see the prompt a bit different in
bold (probably comes from systemd?).
b) If I boot the kernel with the parameter "debug" and then I execute
journalctl I can see:
"""
ago 02 23:30:05 pinux systemd-cryptsetup[498]: Added key to keyring as 604875905.
"""
And if I execute keyctl show:
root@pinux:~# keyctl show
Session Keyring
935647640 --alswrv 0 65534 keyring: _uid_ses.0
575581655 --alswrv 0 65534 \_ keyring: _uid.0
604875905 --alswrv 0 0 \_ user: cryptsetup
root@pinux:~#
If I wait a bit (more than 90 seconds was the default timeout?):
root@pinux:~# keyctl show
Session Keyring
935647640 --alswrv 0 65534 keyring: _uid_ses.0
575581655 --alswrv 0 65534 \_ keyring: _uid.0
root@pinux:~#
But I thought that keyrings were only used by decrypt_keyctl in /etc/crypttab?
where is this added? My initrd doesn't have keyctl installed.
All of this might be a red herring...
Any more ideas please let me know,
--
Carles Pina i Estany
Web: http://pinux.info || Blog: http://pintant.cat
GPG Key 0x8CD5C157
Reply to: