[pkg-cryptsetup-devel] which process is saving key in kernel keyring

Guilhem Moulin guilhem at debian.org
Sat Aug 4 11:53:44 BST 2018


Hi,

On Sat, 04 Aug 2018 at 01:07:42 +0100, Carles Pina i Estany wrote:
> TL;DR: during booting of my Debian 9 some script/process is adding the
> passphrase or key in the kernel keyring. Who and where?
> […]
> m2_root_crypt UUID=4e655198-a111-... none luks,discard
> m2_swap_crypt UUID=56485640-8a04-... none luks,discard
> ssd_dades_crypt UUID=8d1d855d-17a7-... none luks,discard
> 
> But I only need to enter the password twice during boot.

You didn't send your /etc/fstab but from their name I assume
‘m2_root_crypt’ and ‘m2_swap_crypt’ are respectively holding the root
and resume device, hence are unlocked at initramfs stage?

OTOH perhaps ‘ssd_dades_crypt’ is not unlocked at initramfs stage (by
our initramfs-tools) but later in the boot process (by systemd).
systemd has its own unlocking logic, and might be what's adding the
token to the kernel keyring.

Cheers,
-- 
Guilhem.