
Re: luks, crypttab: why 3 partition only 2 passphrases entered




From: Carles Pina i Estany <carles@pina.cat>
Sent: Thursday, 2 August 2018 8:47 AM
To: debian-user@lists.debian.org
Subject: luks, crypttab: why 3 partition only 2 passphrases entered
 

Hi,

I have a Debian Stretch and recently I added a new cyphered partition.
All works well but I don't understand why and it's bothering me.

Setup:
$ cat /etc/crypttab
m2_root_crypt UUID=4e655198-a111-... none luks,discard
m2_swap_crypt UUID=56485640-8a04-... none luks,discard
ssd_dades_crypt UUID=8d1d855d-17a7-... none luks,discard

All three partitions have the same passphrase.

On restart I'm asked for two passwords:
m2_root_crypt
m2_swap_crypt

The question is:
"Please unlock disk m2_root_crypt:"

I expected to write the password three times.

My only theory is that after the root partition is decyphered it's also
mounted and then systemd-ask-password is used somehow (how?) and
--keyname= is used to "Configure a kernel keyring key name". I haven't
tested or seen scripts that do this.

I'm reading initrd scripts/local-top/cryptroot and bin/cryptroot-unlock
(where I can see the string "Please unlock disk") and I don't see
anything like this happening. Maybe initrd lib/cryptsetup/askpass is
doing it?

A question would be:
a) How to enter the passphrase only once?
b) When/where (scripts) and how is the passphrase stored?

This is just to know as the system is working perfectly.

Thanks for reading all of this!

--
Carles Pina i Estany
        Web: http://pinux.info || Blog: http://pintant.cat
        GPG Key 0x8CD5C157

