[pkg-cryptsetup-devel] Bug#917067: Bug#917067: cryptsetup-bin: Opening a LUKS image which resides inside of the /home/ partition

[Mikhail Morfikov]

On 22/12/2018 12:57, Guilhem Moulin wrote:

> The cryptroot initramfs boot scripts won't try to mount anything; if an
> extra file-system (other than / and /usr) needs to be mounted at early
> boot stage, you'll need to arrange for it yourself, for instance with a
> local-block script.
So unlocking the LUKS image using only the /etc/crypttab file won't work. I
think I could play with the scripts and see what can be done.

> If you remove ‘keyscript=decrypt_keyctl’ systemd should be able to
> unlock the device later in the boot process, once /home has been
> mounted.  (systemd doesn't support ‘keyscript=’ currently, cf. #618862.)
> To preserve unattended unlocking you could use a key file instead.
In the past I was using systemd to unlock all the LUKS containers and that was
working well. But I had to remove plymouth, and hence I have to type the same
password multiple times at boot stage. That's why I added the "luks.crypttab=no"
option to the kernel cmd line, and I want to use only the /etc/crypttab solution.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20181222/5fd316ab/attachment.sig>