[systemd-devel] systemd prompts for luks key, but keyfile provided in crypttab
Lennart Poettering
lennart at poettering.net
Fri Jul 24 09:35:25 PDT 2015
On Thu, 23.07.15 17:29, Alex (geosmin104 at gmail.com) wrote:
> I was advised on IRC to post this issue here after trying IRC, forums,
> searches, man pages, wikis, etc.
>
> During init, systemd asks for the passphrase of non-root LUKS drives when
> they are added to crypttab even though a keyfile is specified. The keyfile
> is the same one I'm using to open (old) truecrypt drives (also with
> crypttab) - those open fine and don't ask for the passphrase.
>
> /etc/crypttab looks like this:
>
> tcrypt_drive1 /dev/sdXY /path/to/keyfile tcrypt
> tcrypt_drive2 /dev/sdYX /path/to/keyfile tcrypt
> luks_drive1 UUID=$UUID /path/to/keyfile
> luks_drive2 UUID=$UUID /path/to/keyfile
>
> What I've tried so far, in no particular order:
>
> - Checking that crypttab's formatting is correct
> - Checking that keyfile has proper permissions
> - Adding and/or removing the 'luks' flag to the luks drives in crypttab
> - Specifying an entry in /etc/fstab for where the luks drives should be
> mounted
> - Specifying an (identical) keyfile not being used by the tcrypt drives
> - Removing the tcrypt drives from crypttab and leaving only the luks drives
> - Using /dev/sdXY instead of UUID
> - Reversing the order of the tcrypt and luks drives in crypttab
> - Rebuilding initramfs
> - Checking that crypttab was not present in initramfs
Try booting in debug mode (systemd.log_level=debug on the kernel
cmdline) and check whether the cryptsetup tools generate some output
then.
Also have a look at the various generated cryptsetup unit files, and
if the command line they include is correct.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list