On Wed, 2020-10-14 at 20:42 +0300, Andrei Borzenkov wrote:
14.10.2020 14:39, Ralph пишет:
Hello!
Some strangeness in a fresh install of Leap 15.2 on a system with
multiple LUKS partitions mounted at boot, all owning the same
password.
Normal boot and plymouth(?) displays a neon green text line on a blank
background asking for the LUKS password for swap. After entering pw,
plymouth(?) then displays three neon green blocks for several seconds.
Remaining three LUKS partitions are invisibly mounted without further
prompting and system boots into graphical mode.
Boot with plymouth.enable=0 and I get the text display, as expected and
usual in previous revs, but then I get prompted for passwords for all 4
partitions, even though they all have the same password. This used to
be buffered and pw retried on additional partitions first before system
would ask for any needed additional pw. Not now, apparently.
I cannot reproduce it. I create two encrypted partitions with the same
passphrase and I'm asked just once. Systemd should actually cache
passphrase in kernel keyring for short period of time. How long is
interval between password requests?
You may want to boot with systemd.log_level=debug which /may/ provide
more information what happens.
I observe the same "annoying" behavior - having to enter disk encryption password two times - in grub and at swap activation during boot.
My install is default Leap 15.2 install with encrypted disk (default = 2 encrypted partitions = btrfs file system + swap)
I have never questioned it as I thought that this is unavoidable in openSuSE - and assumed that the other distro's which do not need this are cutting some security corners for the sake of convenience.
Now that you remind me how annoying this actually is - I might get rid off swap partition altogether and setup swap file (with disabled COW) instead. It will cost performance, but it really bothers me to watch the laptop boot every time.
Perhaps the different LUKS behavior depends on UEFI/secureBoot+UEFI/not-UEFI boot paths.
Tomas