Key sharing
Dick Middleton
dick at lingbrae.com
Sun Jul 17 14:21:19 CEST 2022
On 7/17/22 09:44, Dick Middleton wrote:
> So I've reverted to using initramfs-tools and at least I can boot. However, it no longer
> unlocks the swap partition; it prompts me separately.
>
> My crypttab looks like this:
>
> # root
> md1-crypt UUID=xxxx boot luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl
>
> # sleep
> sleep UUID=yyyy boot luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl
>
> I'm using mandos-client version 1.8.14 on stable aka bullseye! Kernel is 5.10.0-16-amd64
>
It does not seem to use the decrypt_keyctl script for the "sleep" partition. With the
root partition it asks "Caching passphrase for md1-crypt:" but for "sleep" it asks:
"Please enter passphrase for disk xxx (sleep):". The latter is not from decrypt_keyctl.
In between the 2 messages it runs a systemd generator for each of the partitions
(md1-crypt and sleep) to produce systemd-cryptsetup@ services. No doubt that's where the
"Please enter ..." message comes from.
So it's a bit of a mess. What do I do to fix it?
Dick
--
Dick Middleton dick at lingbrae.com