Cryptsetup passdev script is failing to honor the timeout parameter.

Asked by Andre Carvalhais

Hi,

I'm sorry if this has been pointed out before, but I have been googling for this for the last couple of hours without much success.

What I want to achieve is to be able to decrypt the device my root partition resides on during the boot process using a keyfile that resides on a separate thumbdrive, and if that fails, have cryptsetup ask me for a passphrase that is stored in another keyslot.

According to /usr/share/doc/cryptsetup/README.initramfs.gz, we should be able to have this (section 10):

[quote]
The "key" part of /etc/crypttab will be interpreted as <device>:<path>[:<timeout>], it is strongly recommended that you use one of the persistent device names from /dev/disk/*, e.g. /dev/disk/by-label/myusbkey. (...) The timeout option has to be in seconds.
[/quote]

Thus I have added the following to my /etc/crypttab and updated my initramfs afterwards:
[code]
sda2_crypt UUID=06006d46-fd75-4764-8f5f-2f4c0cdd2c41 /dev/disk/by-uuid/70298138-69db-4350-8740-b0411fbe256d:/06006d46-fd75-4764-8f5f-2f4c0cdd2c41.key:10 luks,discard,keyscript=/lib/cryptsetup/scripts/passdev
[/code]

When I plug in the thumbdrive containing my keyfile everything just works, but when I remove it, I get dropped to an initramfs shell after several failed cryptsetup attempts to mount my root device. I am forced to manually luksOpen it (and in my case enumerate it with lvm) and mount it under /root to be able to boot.

So, there are two problems with this behaviour IMHO:
- passdev won't fall back to asking for a passphrase (as I think it would be a reasonable default);
- it takes a lot more time than I have specified in the crypttab for passdev to consider the device was not available, thus it is not honoring the timeout parameter;
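The behaviour the question asks for (wait for the key device only as long as the crypttab timeout says, then fall back to a passphrase prompt for another keyslot) can be written as a keyscript. The following is an added example, not the cryptsetup project's passdev; it assumes the initramfs hook passes the crypttab key field as $1 and reads the key from stdout, that the key field follows the <device>:<path>[:<timeout>] format quoted from README.initramfs, and that /lib/cryptsetup/askpass is present.

```shell
#!/bin/sh
# Added example keyscript (not cryptsetup's own passdev). Assumptions:
# the initramfs hook passes the crypttab key field as $1 and reads the
# key from stdout; /lib/cryptsetup/askpass exists for the fallback.

# Split "<device>:<path>[:<timeout>]" into KEY_DEV, KEY_PATH, KEY_TIMEOUT.
# A missing timeout means "check once"; a non-numeric one is rejected.
parse_key_spec() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    KEY_DEV=${1%%:*}
    rest=${1#*:}
    case "$rest" in
        *:*) KEY_PATH=${rest%%:*}; KEY_TIMEOUT=${rest#*:} ;;
        *)   KEY_PATH=$rest;       KEY_TIMEOUT=0 ;;
    esac
    case "$KEY_TIMEOUT" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$KEY_DEV" ] && [ -n "$KEY_PATH" ]
}

# Poll once per second for the device node, giving up after $2 seconds,
# so a missing thumbdrive costs exactly the configured timeout.
wait_for_device() {
    waited=0
    while [ ! -e "$1" ]; do
        [ "$waited" -ge "$2" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Mount the key device read-only, emit the keyfile, and clean up.
# Any failure falls through to askpass so the passphrase slot still works.
get_key() {
    if parse_key_spec "$1" && wait_for_device "$KEY_DEV" "$KEY_TIMEOUT"; then
        mnt=$(mktemp -d) || return 1
        if mount -o ro "$KEY_DEV" "$mnt" 2>/dev/null; then
            if [ -r "$mnt$KEY_PATH" ]; then
                cat "$mnt$KEY_PATH"
                umount "$mnt"; rmdir "$mnt"
                return 0
            fi
            umount "$mnt"
        fi
        rmdir "$mnt"
    fi
    /lib/cryptsetup/askpass "Key device unavailable; passphrase for ${CRYPTTAB_NAME:-root}: "
}
if [ -n "${1:-}" ]; then get_key "$1"; fi
```

Point the crypttab keyscript= option at this file and rebuild the initramfs; the key field from the crypttab line above parses into the by-uuid device, the keyfile path and a 10 second timeout.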

Question information

Language: English
Status: Expired
For: Ubuntu cryptsetup
Assignee: No assignee
Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.