#26 2017-02-20 10:34:41

userak
Member
Registered: 2017-02-04
Posts: 42

Re: systemd: Cryptsetup of device in crypttab does not happen - timeout

OK, I did the following experiment ...

All this was done using the sd-encrypt hook. All my LUKS partitions "boot", "root", "home" and "swap" were encrypted with the same password. So I changed the "home" partition password. After rebooting the system, I was asked to enter the password for the "home" partition and for "crypt_home" (both entries refer to the same partition; I have named the home partition in the crypttab file crypt_home and not home). On entering the password, the "home" partition got mapped as "home" and the mapping to "crypt_home" failed. Which is obvious, since the same partition cannot be mapped two times.

So I finally came to this conclusion ...

Systemd-boot (sd-encrypt hook) tries to automatically mount the swap and home partitions (maybe by scanning the type codes). For this it uses the password that was supplied to unlock the root partition. Now since the "home" partition gets automatically mapped as "home" (/dev/mapper/home), that is why the "home" partition's entry in the crypttab file fails, as it was already mapped.


What do you guys think?

Last edited by userak (2017-02-20 10:43:37)


A newbie archlinux user ...

Offline
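
The double mapping described in post #26 (a LUKS device listed in crypttab under a name other than the one it is already unlocked as) can be checked for mechanically. This is an added example, not part of the thread or of systemd; the function names, the "mapper-name uuid" input format for active mappings and the UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag crypttab entries whose backing device is already
# unlocked under a different mapper name.

# find_double_mappings CRYPTTAB ACTIVE
#   CRYPTTAB: file in crypttab(5) layout: name device [keyfile] [options]
#   ACTIVE:   one "mapper-name luks-uuid" pair per line (assumed format for
#             this example; on a live system it would be built from
#             lsblk/blkid output)
# Prints "crypttab-name active-name uuid" for every conflict found.
find_double_mappings() {
    awk '
        # First file (ACTIVE): remember which name already holds each UUID.
        FILENAME == ARGV[1] { if (NF >= 2) active[tolower($2)] = $1; next }
        # Second file (CRYPTTAB): skip comments and blank lines.
        /^[ \t]*#/ || NF == 0 { next }
        {
            # Only UUID= device references are compared in this example.
            if ($2 !~ /^UUID=/) next
            uuid = tolower(substr($2, 6))
            # Same device, different name: the second attach cannot succeed.
            if ((uuid in active) && active[uuid] != $1)
                print $1, active[uuid], uuid
        }
    ' "$2" "$1"
}

# Constructed sample reproducing post #26: "home" is already mapped, and
# crypttab lists the same partition again as "crypt_home".
demo_double_mapping() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root 11111111-1111-1111-1111-111111111111' \
        'home 22222222-2222-2222-2222-222222222222' > "$tmp/active"
    printf '%s\n' \
        '# <name> <device> <keyfile> <options>' \
        'crypt_home UUID=22222222-2222-2222-2222-222222222222 none luks' \
        'swap       UUID=33333333-3333-3333-3333-333333333333 none luks' \
        > "$tmp/crypttab"
    find_double_mappings "$tmp/crypttab" "$tmp/active"
    rm -rf "$tmp"
}

demo_double_mapping
```

An entry whose name matches the active mapping is not reported, since only a second name for the same device is treated as a conflict here.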

#27 2017-02-20 10:39:42

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: systemd: Cryptsetup of device in crypttab does not happen - timeout

https://github.com/systemd/systemd/blob/master/NEWS from release 227

* The "ask-password" framework used to query for LUKS harddisk
  passwords or SSL passwords during boot gained support for
  caching passwords in the kernel keyring, if it is
  available. This makes sure that the user only has to type in
  a passphrase once if there are multiple objects to unlock
  with the same one. Previously, such password caching was
  available only when Plymouth was used; this moves the
  caching logic into the systemd codebase itself. The
  "systemd-ask-password" utility gained a new --keyname=
  switch to control which kernel keyring key to use for
  caching a password in. This functionality is also useful for
  enabling display managers such as gdm to automatically
  unlock the user's GNOME keyring if its passphrase, the
  user's password and the harddisk password are the same, if
  gdm-autologin is used.

Offline

#28 2017-02-20 10:50:56

userak
Member
Registered: 2017-02-04
Posts: 42

Re: systemd: Cryptsetup of device in crypttab does not happen - timeout

So I was right: systemd caches the password and automatically tries to unlock the other partitions.


A newbie archlinux user ...

Offline

#29 2017-12-21 12:05:21

marcio
Member
Registered: 2010-10-08
Posts: 39

Re: systemd: Cryptsetup of device in crypttab does not happen - timeout

Hi guys, can anyone share lsblk -f output and kernel boot options to achieve the password caching? I still have to input the password for the two encrypted devices, even using systemd and sd-encrypt hooks.
Thanks

Offline

#30 2017-12-21 13:28:12

marcio
Member
Registered: 2010-10-08
Posts: 39

Re: systemd: Cryptsetup of device in crypttab does not happen - timeout

marcio wrote:

Hi guys, can anyone share lsblk -f output and kernel boot options to achieve the password caching? I still have to input the password for the two encrypted devices, even using systemd and sd-encrypt hooks.
Thanks

Sorry, but it just works now for me. Tks

Offline
