Cryptsetup passdev script is failing to honor the timeout parameter.
Hi,
I'm sorry if this have been pointed out before, but I have been googling for this for the last couple of hours without much success.
What I want to achieve, is to be able to decrypt the device my root partition resides during boot proces using a keyfile that resides on a separate thumbdrive, and if that fails, have cryptsetup ask me for a passphrase that is stored on another keyslot.
According to /usr/share/
[quote]
The "key" part of /etc/crypttab will be interpreted as <device>
[/quote]
Thus I have added the following to my /etc/crypttab and updated my iniramfs afterwards:
[code]
sda2_crypt UUID=06006d46-
[/code]
When I plug the thumbdrive containing my keyfile everything just works, but when I remove it, I get dropped to an initramfs shell after several failed cryptsetup atempts to mount my root device. I am forced to manually luksOpen it (and in my case enumarate it with lvm) and mount it under /root to be able to boot.
So, there are two problems with this behaviour IMHO:
- passdev won't fallback to asking for a passphrase (as I think it would be a reasonable default);
- it takes a lot more time than I have specified in the cryptab for passdev to consider the device was not available, thus it is not honoring the timeout parameter;
Question information
- Language:
- English Edit question
- Status:
- Expired
- Assignee:
- No assignee Edit question
- Last query:
- Last reply: