Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
[opensuse-factory] Tumbleweed full disk encryption passphrase
Hello,

after doing an installation with LVM and harddisk encryption enabled I
need to enter the disk passphrase two times during boot. First when
grub2 wants to read grub2 config and modules + initrd + kernel. And then
a second time when kernel + initrd wants to mount the root filesystem.
And to make it worse, I use special characters for my passphrase, which
should be a good idea for a passphrase, and grub2 uses a different
keyboard layout than the Linux installation. By that I need to type two
different passphrases.

To overcome this problem an unencrypted /boot could be used, but that is
not the installation default. I could also add a second passphrase that
uses a translated keyboard layout, but that is not very handy when I
want to change the passphrase from time to time.

It should be sufficient to type the passphrase only in grub2. After some
research I found some Arch Linux specific instruction [1]. But this uses
an Arch specific initrd hook to open the encrypted fs by reading a
passphrase from a file included in the initrd. I haven't found an
equivalent hook in the tumbleweed dracut config. Would this setup also
be a possible solution for tumbleweed? How could it be configured?

The other problem is the different keyboard layout. For this I found
some older instruction [2] for grub to load a specific keyboard layout
in early stage before access the disk, but it is stated that this is not
possible for grub2 (links the opensuse113 docu). Also some Arch Linux
instructions [3] for grub, but not explicitly for grub2. What is the
"opensuse tumbleweed way" of configuring this?

Br,
Frank


[1]
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs
[2]
https://superuser.com/questions/974833/change-the-keyboard-layout-of-grub-in-stage-1
[3]
https://wiki.archlinux.org/index.php/GRUB/Tips_and_tricks#Manual_configuration_of_core_image_for_early_boot
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >