-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <1bb6fd81-eee8-9325-e72d-29650d3ad19a@Laicolasse.valinor> El 2023-08-21 a las 15:32 +0300, Andrei Borzenkov escribió:
On Mon, Aug 21, 2023 at 2:20 PM Carlos E. R. <robin.listas@gmx.es> wrote:
Laicolasse:~ # lsinitrd /boot/initrd-5.14.21-150500.55.12-default /etc/crypttab cr-auto-1 /dev/disk/by-uuid/43662ac8-d98d-4b1a-a483-0f16e06b419c /.root.key x-initrd.attach Laicolasse:~ #
Wow. How come the rest "got removed"?
Try adding x-initrd.mount as an option in /etc/fstab for. And you still need x-initrd.attach for those lines you want to be mounted in initrd.
The later worked; at least the lines are on the initrd. I will try rebooting now. [...] No, I'm still prompted twice for the pasword, once by grub, and another by plymouth. Current status: Laicolasse:~ # lsinitrd /boot/initrd-5.14.21-150500.55.12-default /etc/crypttab cr-auto-3 /dev/disk/by-uuid/253d3fd9-7f53-465a-85f9-1900b6b87a3c /.root.key x-initrd.attach cr-auto-2 /dev/disk/by-uuid/d153e878-b32c-4a14-856e-cbc8c6101280 /.root.key x-initrd.attach cr-auto-1 /dev/disk/by-uuid/43662ac8-d98d-4b1a-a483-0f16e06b419c /.root.key x-initrd.attach Laicolasse:~ # Which corresponds to: nvme0n1p4 home nvme0n1p3 swap nvme0n1p2 / Laicolasse:~ # head /etc/fstab LABEL=Main / ext4 defaults 0 1 LABEL=Home /home xfs defaults,x-initrd.mount 0 0 LABEL=ESP /boot/efi vfat utf8 0 2 LABEL=Swap swap swap defaults,x-initrd.mount 0 0 LABEL=Beta /Other ext4 data=ordered 0 2 Laicolasse:~ # Ok, I see a mistake in the /etc/crypttab file, home should have /.root.key x-initrd.attach. But I tried with them all How can I check if the key file was actually added to the encrypted devices? I can do: cryptsetup luksDump /dev/nvme0n1p2 but I do not know what each key is. Or at least the key size. On /dev/nvme0n1p2 I see one key slot has Key material offset: 8 and the second key has Key material offset: 512 But /dev/nvme0n1p4 has only one key slot, so it is probably missing the key file. I'll add it again. [...] done. And Swap has 3 keys, go figure. Maybe I goofed and added the key fille twice to the same partition. Key material offset: 8 Key material offset: 512 Key material offset: 1016 Ah, I see. Not size, but an index, and offset in the array. Ah. So I should delete slot 3. Ok, done. Laicolasse:~/Telcontar/notas/crypto # cryptsetup luksKillSlot /dev/nvme0n1p3 2 Enter any remaining passphrase: Laicolasse:~/Telcontar/notas/crypto # [...] Booted, et voilá! It worked :-) - -- Cheers Carlos E. R. (from openSUSE 15.5 (Laicolasse)) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZONvKBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVh2UAnj0YRvRTVZJgyiOdPpJb s7CNJ5p0AJ941MkMx8Zn/ovyprfkmJSbHGPJLQ== =HiTP -----END PGP SIGNATURE-----