Key sharing
Dick Middleton
dick at lingbrae.com
Sun Jul 17 10:44:49 CEST 2022
I've been using the key sharing feature of mandos to unlock resume/swap partition using
the same passphrase as the root partition.
I've been having a lot of trouble recently keeping this all working. I was using dracut
to build my initramfs but that now renders my system unbootable.
So I've reverted to using initramfs-tools and at least I can boot. However it no longer
unlocks the swap partition; it prompts me separately.
My crypttab looks like this:
# root
md1-crypt UUID=xxxx boot luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl
# sleep
sleep UUID=yyyy boot luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl
I'm using mandos-client version 1.8.14 on stable aka bullseye! kernel is 5.10.0-16-amd64
Something has changed, I don't know what. If somebody could enlighten me that would be
much appreciated.
Dick
More information about the Mandos-Dev
mailing list