
Re: luks, crypttab: why 3 partition only 2 passphrases entered



On 08/04/2018 01:08 PM, Carles Pina i Estany wrote:
root@pinux:~# dmsetup info /dev/dm-*
Name:              m2_root_crypt
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        1
Event number:      0
Major, minor:      254, 0
Number of targets: 1
UUID: CRYPT-LUKS1-4e655198a11147b3985b4622af7a2b0f-m2_root_crypt

Name:              m2_swap_crypt
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        2
Event number:      0
Major, minor:      254, 1
Number of targets: 1
UUID: CRYPT-LUKS1-564856408a04403191d46f1620cc2c9e-m2_swap_crypt

Name:              ssd_dades_crypt
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        1
Event number:      0
Major, minor:      254, 2
Number of targets: 1
UUID: CRYPT-LUKS1-8d1d855d17a74cf2b29486172e407e35-ssd_dades_crypt

I can't see anything obviously wrong.

Okay. It seems that you have three encrypted partitions, all set up correctly.


Since the last emails here I've kept investigating. Quick overview if someone is interested here (and let me know if it's something else!).
After booting keyctl has this:

root@pinux:~# keyctl show
Session Keyring
  479651357 --alswrv      0 65534  keyring: _uid_ses.0
  712333474 --alswrv      0 65534   \_ keyring: _uid.0
  711077095 --alswrv      0     0       \_ user: cryptsetup
root@pinux:~#

See the cryptsetup line. This is what would make systemd able to mount/umount without asking for the passphrase and I can just boot and do:
systemctl stop systemd-cryptsetup@ssd_dades_crypt.service
systemctl start systemd-cryptsetup@ssd_dades_crypt.service

If the cryptsetup line is still there (it lasts, I think, 2.5 minutes), the second systemd line mounts the partition without me entering the password.

But the initial passwords are entered to initrd /lib/cryptsetup/askpass,
using plymouth as the password "asking" backend (not systemd related), and
actually if I boot with init=/bin/bash or break=init I would have the two (root
and swap) partitions mounted but no "dades" partition mounted, nor anything
in keyctl show.

So still a mystery how this is added there: by who, etc.

Any clues (or "you missed this obvious thing") are very welcome!

On 08/04/2018 02:54 PM, Carles Pina i Estany wrote:
> And I'm now 99% sure that the culprit of all this confusion is...
> plymouth! It has a password caching facility and systemd seems to use
> it to get the cached password.

You seem to have found complexities above dm-crypt. I know very little about systemd or the various desktop environments, so I'll wish you good luck in pursuing answers to your questions.


You might try asking on the dm-crypt mailing list:

https://www.saout.de/mailman/listinfo/dm-crypt


David
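
An added example, not part of the thread: a shell check for the cached `cryptsetup` key that appears in the `keyctl show` listing above, with an optional purge. The function names are hypothetical, the sample input is the listing quoted in the message, and unlinking from `@u` assumes the key sits in the user keyring as it does in that listing.

```shell
#!/bin/sh
# Added example: detect a passphrase cached in the kernel keyring.

# Reads `keyctl show` output on stdin and prints the ID of every key of
# type "user" whose description is exactly "cryptsetup".
find_cached_cryptsetup_keys() {
    awk '{
        for (i = 2; i < NF; i++)
            if ($i == "user:" && $(i + 1) == "cryptsetup" && i + 1 == NF)
                print $1
    }'
}

# Sample input: the keyring listing quoted in the message above.
sample_keyring() {
    cat <<'EOF'
Session Keyring
  479651357 --alswrv      0 65534  keyring: _uid_ses.0
  712333474 --alswrv      0 65534   \_ keyring: _uid.0
  711077095 --alswrv      0     0       \_ user: cryptsetup
EOF
}

# Live check. Returns 0 if nothing is cached, 1 if a cached key was found,
# 2 if keyctl is unavailable. Pass "purge" to unlink each key found from
# the user keyring (@u) instead of waiting for it to expire.
check_keyring() {
    command -v keyctl >/dev/null 2>&1 || { echo "keyctl not installed" >&2; return 2; }
    ids=$(keyctl show @s 2>/dev/null | find_cached_cryptsetup_keys)
    [ -n "$ids" ] || { echo "no cached cryptsetup passphrase"; return 0; }
    for id in $ids; do
        echo "cached cryptsetup passphrase: key $id"
        if [ "$1" = "purge" ]; then
            keyctl unlink "$id" @u
        fi
    done
    return 1
}

# Demonstration on the sample listing; prints the matching key ID.
sample_keyring | find_cached_cryptsetup_keys
```

On a live system, run `check_keyring` shortly after unlocking a volume, or `check_keyring purge` to drop the cached key immediately.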

