Bug 1084818

Summary: initrd always ask for password also if password is provided in /etc/crypttab
Product: [openSUSE] openSUSE Tumbleweed Reporter: geheim geheim <sachse>
Component: Basesystem Assignee: Ludwig Nussel <lnussel>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: nwr10cst-oslnx
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description geheim geheim 2018-03-11 23:52:28 UTC
Root filesystem is decrypted by grub.
Then kernel and initrd are loaded.
/etc/crypttab provides password in 3rd column.


The system always stops booting and prompts for a password for encrypted partitions, but this is not necessary because passwords are provided by /etc/crypttab.
Comment 1 Chenzi Cao 2018-05-22 08:35:08 UTC
Hi Qiang Zhao, would you please take a look at this issue? If you are not the right assignee, please feel free to reassign, thanks.
Comment 2 Ludwig Nussel 2018-06-14 11:37:27 UTC
The password field in crypttab can only work for extra partitions, not for the root filesystem itself. Chicken and egg problem.

If that is not what you meant please attach your crypttab (with passwords X'd out).
Comment 3 Neil Rickert 2018-06-15 14:28:12 UTC
Perhaps the reporter for this bug was looking for something similar to this forums thread:
https://forums.opensuse.org/showthread.php/531092-Boot-encrypted-root-(encrypted-boot)
Comment 4 geheim geheim 2019-03-29 22:55:06 UTC
This means the kernel and initrd are on the encrypted rootfs, which will be read with the grub luks module.
So it's no problem to save the passwords in the initrd.
Comment 5 Neil Rickert 2019-03-30 02:04:52 UTC
You have not been clear as to whether the password is in the "initrd" or what you did to achieve that.

Do you also have a 4th column (options) in "/etc/crypttab"? If not, try adding one -- you can use "none" for the options. Possibly that file is not parsed correctly if it has only 3 columns for your entry. And remember to rebuild the "initrd" after making that change.
Comment 6 Ludwig Nussel 2019-04-04 15:02:33 UTC
Note the third column in crypttab is not the password itself but rather the path to a file. Upstream dracut has no extra code to include the keyfile in the initrd; it assumes that the keyfile points to a device. So if you want your password to be stored in a file in the initrd, you have to hook into dracut to actually copy the keyfile to the initrd.
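
A crypttab check for the misconception discussed in this thread, as an added example that is not from the bug report or from dracut: it flags a third field that is not a path (a literal password, as in the description) and key files readable by group or others. The function names, verdict strings, device names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Field layout per crypttab(5):
#   name  device  keyfile  options
# classify_crypttab FILE prints "<name> <verdict>" for every entry.
classify_crypttab() {
    # "|| [ -n "$name" ]" keeps a last line that lacks a trailing newline
    while read -r name device key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$key" in
            ''|none|-) verdict=prompt ;;            # passphrase asked at boot
            /*)
                if [ ! -e "$key" ]; then
                    verdict=keyfile-missing
                elif [ ! -f "$key" ]; then
                    verdict=key-device              # path exists, not a regular file
                elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
                    verdict=keyfile-loose-perms     # group/other can access the key
                else
                    verdict=keyfile-ok
                fi ;;
            *) verdict=not-a-path ;;                # looks like a literal password
        esac
        printf '%s %s\n' "$name" "$verdict"
    done < "$1"
}

# Constructed sample: four hypothetical entries in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/root.key"; chmod 600 "$d/root.key"
    printf 'secret\n' > "$d/home.key"; chmod 644 "$d/home.key"
    cat > "$d/crypttab" <<EOF
# name   device     keyfile      options
cr_root  /dev/sda2  $d/root.key  none
cr_home  /dev/sda3  $d/home.key  none
cr_data  /dev/sda4  MyPassw0rd
cr_swap  /dev/sda5  none         none
EOF
    classify_crypttab "$d/crypttab"
    rm -rf "$d"
}
demo
```

If a key file is copied into the initrd as Comment 6 describes, the initrd image carries the key and needs the same root-only permissions.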