Hello everybody,
I have already played around for multiple hours to figure out how the sd-encrypt hook in Mkinitcpio works, especially the version with passphrase caching, but it doesn't work.
Using the encrypt hook everything works flawlessly.
Setup:
I use UEFI and systemd-boot as bootloader. I have / and /home on different partitions and want to decrypt both partitions with only one passphrase during booting.
Here is my relevant config:
$ lsblk -f
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ntfs AA88579188575B41
├─sda2 vfat EFIBOOT 85BB-C140 /boot
├─sda3 crypto_LUKS ebc12072-19a9-48be-a082-e475dfaf3cf4
│ └─cryptroot ext4 rootfs 9ae602e9-2ffd-4874-bb76-609ccc791fdb /
└─sda4 crypto_LUKS a3467dca-44c9-4ab9-ad44-6a475a728815
  └─crypthome ext4 homefs a66d3580-6c85-4eff-9097-e344eaf870b4 /home
/etc/mkinitcpio.conf
HOOKS="base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt resume filesystems fsck"
/etc/crypttab
# /dev/sda4
crypthome UUID=a3467dca-44c9-4ab9-ad44-6a475a728815 /etc/crypto/keyfile.txt luks,discard
kernel parameters in /boot/loader/entries/arch-encrypted.conf:
options rd.luks.name=ebc12072-19a9-48be-a082-e475dfaf3cf4=cryptroot rd.luks.name=a3467dca-44c9-4ab9-ad44-6a475a728815=crypthome rd.luks.crypttab=no root=/dev/mapper/cryptroot resume=/dev/mapper/cryptroot resume_offset=1466368 rw
In https://wiki.archlinux.org/index.php/Dm … n#crypttab
it is mentioned that there is a way to configure passphrase caching:
Note: When using systemd-boot and the sd-encrypt hook, if a non-root partition's passphrase is the same as root's, there is no need to put that non-root partition in crypttab due to passphrase caching. See this forum thread for more information.
But with the config above, it always fails to decrypt the home partition. So, can somebody tell me what's the correct kernel boot line for using passphrase caching?
Thanks!
I've never used passphrase caching, but "rd.luks.crypttab=no" will not disable the parsing of /etc/crypttab on real root. You need to use "luks.crypttab=no".
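The point made in the reply, as an added example that is not part of either post: a small shell check that takes a kernel command line and a crypttab, reports whether the real root will still read /etc/crypttab, and lists the crypttab entries that are also named by rd.luks.name=. The function names are hypothetical, the sample values are the ones posted in the thread, and the handling of boolean spellings and of repeated options (last one wins) is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample data below is copied from the posts.
CMDLINE='rd.luks.name=ebc12072-19a9-48be-a082-e475dfaf3cf4=cryptroot rd.luks.name=a3467dca-44c9-4ab9-ad44-6a475a728815=crypthome rd.luks.crypttab=no root=/dev/mapper/cryptroot resume=/dev/mapper/cryptroot resume_offset=1466368 rw'
CRYPTTAB='# /dev/sda4
crypthome UUID=a3467dca-44c9-4ab9-ad44-6a475a728815 /etc/crypto/keyfile.txt luks,discard'

# Print "yes" if the main system (real root) still reads /etc/crypttab for
# command line $1, "no" otherwise. Only luks.crypttab= counts here:
# rd.luks.crypttab= is honored in the initrd only, so it is skipped.
crypttab_read_on_real_root() {
    result=yes                                  # default when the option is absent
    for tok in $1; do
        case "$tok" in
            luks.crypttab=*)
                case "${tok#luks.crypttab=}" in
                    no|0|false|off|n|f) result=no ;;
                    yes|1|true|on|y|t)  result=yes ;;
                esac ;;                         # unrecognised values are ignored
        esac
    done
    echo "$result"
}

# Read a crypttab on stdin and print the mapping names whose UUID= source is
# also set up in the initrd through rd.luks.name=<uuid>=<name> in $1.
entries_in_both() {
    while read -r name src _rest; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        uuid=${src#UUID=}
        [ "$uuid" = "$src" ] && continue            # source is not UUID=...
        for tok in $1; do
            case "$tok" in
                rd.luks.name="$uuid"=*|luks.name="$uuid"=*) echo "$name" ;;
            esac
        done
    done
    return 0
}

echo "crypttab read on real root: $(crypttab_read_on_real_root "$CMDLINE")"
echo "in crypttab and on cmdline: $(printf '%s\n' "$CRYPTTAB" | entries_in_both "$CMDLINE")"
```

With the posted command line the first check prints yes, because only the rd.-prefixed option is set; after changing it to luks.crypttab=no it prints no.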