OK, I did the following experiment ...
All this was done using the sd-encrypt hook. All my LUKS partitions "boot", "root", "home" and "swap" were encrypted with the same password. So I changed the "home" partition password. After rebooting the system, I was asked to enter the password for the "home" partition and for "crypt_home" (both entries refer to the same partition; I have named the home partition in the crypttab file as crypt_home and not as home). On entering the password, the "home" partition got mapped as "home" and the mapping to "crypt_home" failed. Which is obvious, since the same partition cannot be mapped two times.
So I finally came to this conclusion ...
Systemd-boot (sd-encrypt hook) tries to automatically mount the swap and home partitions (maybe by scanning the type codes). For this it uses the password that was supplied to unlock the root partition. Now, since the "home" partition gets automatically mapped as "home" (/dev/mapper/home), that is why the "home" partition's entry in the crypttab file fails, as it was already mapped.
What do you guys think?
Last edited by userak (2017-02-20 10:43:37)
A newbie archlinux user ...
https://github.com/systemd/systemd/blob/master/NEWS from release 227
* The "ask-password" framework used to query for LUKS harddisk
passwords or SSL passwords during boot gained support for
caching passwords in the kernel keyring, if it is
available. This makes sure that the user only has to type in
a passphrase once if there are multiple objects to unlock
with the same one. Previously, such password caching was
available only when Plymouth was used; this moves the
caching logic into the systemd codebase itself. The
"systemd-ask-password" utility gained a new --keyname=
switch to control which kernel keyring key to use for
caching a password in. This functionality is also useful for
enabling display managers such as gdm to automatically
unlock the user's GNOME keyring if its passphrase, the
user's password and the harddisk password are the same, if
gdm-autologin is used.
So I was right: systemd caches the password and automatically tries to unlock the other partitions.
A newbie archlinux user ...
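The failure described in the posts above (the crypttab entry crypt_home failing because the same LUKS device is already open as home), as an added example that is not part of the thread: a small check that compares crypttab entries against the mappings that are already active. The function names, the UUIDs and the sample data are constructed for illustration, and devices are assumed to be given in UUID= form.

```python
# Added example: all sample data below is constructed, not taken from the thread.
SAMPLE_CRYPTTAB = """\
# <name>      <device>                                    <password>  <options>
crypt_home    UUID=11111111-2222-3333-4444-555555555555   none        luks
crypt_swap    UUID=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE   none        luks
"""

# Constructed state after early boot: mapper name -> backing LUKS device.
SAMPLE_ACTIVE = {
    "root": "UUID=99999999-8888-7777-6666-555555555555",
    "home": "UUID=11111111-2222-3333-4444-555555555555",
}


def normalize(device):
    """Lower-case the UUID value so 'UUID=ABC' and 'uuid=abc' compare equal."""
    key, sep, value = device.partition("=")
    if sep and key.upper() == "UUID":
        return "UUID=" + value.lower()
    return device


def parse_crypttab(text):
    """Return [(name, device)], skipping blank lines and lines starting with '#'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], normalize(fields[1])))
    return entries


def find_conflicts(entries, active):
    """Return [(crypttab_name, active_name, device)] for every crypttab entry
    whose device is already opened under a different mapper name."""
    opened_as = {normalize(dev): name for name, dev in active.items()}
    return [(name, opened_as[dev], dev) for name, dev in entries
            if dev in opened_as and opened_as[dev] != name]


if __name__ == "__main__":
    for name, other, dev in find_conflicts(parse_crypttab(SAMPLE_CRYPTTAB), SAMPLE_ACTIVE):
        print(f"{name}: {dev} is already mapped as /dev/mapper/{other}")
```

With the constructed data, only crypt_home is reported, because its device is already open as home; crypt_swap is not open under any name and is left alone.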
Hi guys, can anyone share the lsblk -f output and kernel boot options to achieve the password caching? I still have to input the password for the two encrypted devices, even using the systemd and sd-encrypt hooks.
thanks
Sorry, but it just works now for me. Tks