[Bug 1212853] New: GRUB2 asking for passphrase twice again
https://bugzilla.suse.com/show_bug.cgi?id=1212853 Bug ID: 1212853 Summary: GRUB2 asking for passphrase twice again Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Bootloader Assignee: screening-team-bugs@suse.de Reporter: eyadlorenzo@gmail.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Yesterday I reinstalled my Tumbleweed system, with crypted root and crypted swap. I now get again asked twice for my passphrase. I could follow what described in https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_..., but last time I installed Tumbleweed there was no need (see https://bugzilla.opensuse.org/show_bug.cgi?id=1206710) for details. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c1 --- Comment #1 from Eyad Issa <eyadlorenzo@gmail.com> --- Also, on the first install I didn't crypt the swap partition. On this one I did. Could that be it? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c2 --- Comment #2 from Eyad Issa <eyadlorenzo@gmail.com> --- $ sudo cat /etc/crypttab cr_root UUID=c6fa6cc1-2c41-4a46-a8fb-eb589dd21264 none x-initrd.attach cr_swap UUID=a7f32cc5-8fe2-4152-941c-a7f7448b4f02 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c3 Matt Weber <mdogg@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |mdogg@opensuse.org Resolution|--- |FIXED --- Comment #3 from Matt Weber <mdogg@opensuse.org> --- When you LUKS encrypt a standard artitions with a password, each partition that is LUKS encrypted will require the user to decrypt it with the password that was established during the LUKS setup. So if you LUKS encrypt root, /home, and [SWAP], you would need to type 3 passwords during boot. The only exception would be if @/home was a logical volume under root, in which case it would be decrypted once root is decrypted. Once other note: Since [SWAP] is encrypted, you may have difficulty resuming from a Hibernate sleep state if you ever put the system in Hibernate mode. Personally I'm not sure why anyone would do this because it's faster to boot the system from a shutdown, so this is really just an FYI. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c4 --- Comment #4 from Eyad Issa <eyadlorenzo@gmail.com> --- (In reply to Matt Weber from comment #3)
So if you LUKS encrypt root, /home, and [SWAP], you would need to type 3 passwords during boot. The only exception would be if @/home was a logical volume under root, in which case it would be decrypted once root is decrypted.
So I guess the second password is for the swap, because the root partition should be handled automatically by GRUB passing the password to the initramfs.
Once other note: Since [SWAP] is encrypted, you may have difficulty resuming from a Hibernate sleep state if you ever put the system in Hibernate mode. Personally I'm not sure why anyone would do this because it's faster to boot the system from a shutdown, so this is really just an FYI.
It was available on the setup and I decided to do it because if the PC gets stolen while hybernating it could means data is in swap. On the other hand, I will probably remove it and replace it with a btrfs swap subvolume. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c5 Eyad Issa <eyadlorenzo@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |INVALID --- Comment #5 from Eyad Issa <eyadlorenzo@gmail.com> --- Ok so: - removing the swap partition - removing the entry from /etc/crypttab and /etc/fstab - running dracut -f to re-create the initramfs I'm not asked two passwords anymore. Just the bootloader one. So the conclusion is that the second password was asked because the swap was on a different LUKS partition. I don't know why the setup creates two partitions by default. I will add a note on the wiki. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1212853 https://bugzilla.suse.com/show_bug.cgi?id=1212853#c6 Eyad Issa <eyadlorenzo@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|INVALID |DUPLICATE --- Comment #6 from Eyad Issa <eyadlorenzo@gmail.com> --- *** This bug has been marked as a duplicate of bug 1205314 *** -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com