http://bugzilla.opensuse.org/show_bug.cgi?id=1197635

Bug ID: 1197635
Summary: Dracut from Leap 15.4 beta breaks rd.luks.key initrd option to unlock luks devices with encryption keys on USB keys
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: x86-64
OS: openSUSE Leap 15.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs@suse.de
Reporter: georg.jansing@web.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

The crypto keyfile is not read from USB key device, even though the corresponding kernel command line parameter is set (rd.luks.key=/keyfile.bin). More detailed scenario described below.

I tracked this down to the following broken call found in /run/initramfs/init.log (with rd.debug set on kernel command line):

```
+ cryptsetup -d - ' ' luksOpen /dev/sdb2 vg
```

Note the one-space string parameter (' ') between "-" and "luksOpen". On a boot on a 15.3 system, this ' ' parameter is not present.

It seems to be introduced by quoting around $cryptsetupopts in /usr/lib/dracut/modules.d/90crypt/cryptroot-ask.sh, lines 142 or 168: `cryptsetup -d - "$cryptsetupopts" [...]`

In commit https://github.com/dracutdevs/dracut/commit/e0abf88a15d23fbf793cf872397016ad... this quoting is removed (maybe due to this breakage). This fix seems not to be included in the dracut version contained in the current Leap 15.4 package.

Is there a way to include this fix in the 15.4 package?

Scenario: root fs on LVM on crypto-luks on ssd

/etc/crypttab

```
vg /dev/disk/by-uuid/<some uuid> none luks,x-initrd.attach,discard
```

/etc/dracut.conf.d/50-crypt-key.conf

```
add_drivers+=" nls_cp437 nls_iso8859_1 "
add_filesystems+=" vfat "
filesystems+=" vfat "
omit_dracutmodules+=" systemd "
```

Note: rd.luks.key functionality is known to be broken in combination with systemd in dracut initrd, see https://bugzilla.redhat.com/show_bug.cgi?id=905683, also referred to in `man dracut.cmdline` in the 15.4 version of dracut.

/etc/default/grub

```
GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.key=/keysfile.bin [...]"
```

Update grub2 & initrd with

```
# grub2-mkconfig -o /boot/grub2/grub.cfg
# mkinitrd
```

On Leap 15.3 systems this works. Dracut is shipped in an older version though: 055+suse.238.gacab0df5-150400.1.6 (Leap 15.4 beta) vs. 049.1+suse.228.g07676562-3.54.1 (Leap 15.3 with current updates)
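
The argv effect described in the report, reproduced with a stub in place of cryptsetup (an added example, not part of the bug report and not dracut's code). The function names and the sample option string `--allow-discards --readonly` are assumptions chosen for illustration; no real device is touched.

```shell
#!/bin/sh
# Stub standing in for cryptsetup: reports "<argc>:[arg1][arg2]..." and does nothing else.
show_argv() {
    out="$#:"
    for a in "$@"; do out="$out[$a]"; done
    printf '%s\n' "$out"
}

# Pattern from the report: the whole option string is passed as ONE quoted word,
# so a blank string still becomes an argument of its own.
call_quoted() {
    opts=$1
    show_argv -d - "$opts" luksOpen /dev/sdb2 vg
}

# Unquoted expansion: the shell word-splits $opts, a blank string adds nothing.
# (Unquoted expansion also globs; acceptable only for trusted option strings.)
call_unquoted() {
    opts=$1
    show_argv -d - $opts luksOpen /dev/sdb2 vg
}

# Explicit argv: each option is appended as its own word, blanks are skipped,
# and globbing is switched off while the string is split.
call_argv() {
    opts=$1
    set -- -d -
    set -f
    for o in $opts; do set -- "$@" "$o"; done
    set +f
    show_argv "$@" luksOpen /dev/sdb2 vg
}

# Constructed inputs: the one-space value seen in init.log, and a two-option string.
call_quoted ' '
call_unquoted ' '
call_quoted '--allow-discards --readonly'
call_argv '--allow-discards --readonly'
```

The first line printed shows six arguments with `[ ]` in third position, matching the `' '` seen in init.log; the third line shows that quoting also fuses two real options into a single word.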