Bugzilla – Bug 1084818
initrd always ask for password also if password is provided in /etc/crypttab
Last modified: 2019-04-04 15:02:33 UTC
Rootfilesystem is decrypted by grub. Then kernel and initrd is loaded. /etc/crypttab provides password in 3rd column. Always system stops booting and prompt for password for encrypted partitions but this is not necessary because passwords are provided by /etc/crypttab
Hi Qiang Zhao, would you please take a look at this issue? If you are not the right assignee, please feel free to reassign, thanks.
The password field in crypttab can only work for extra partitions, not for the root filesystem itself. Chicken and egg problem. If that is not what you meant please attach your crypttab (with passwords X'd out).
Perhaps the reporter for this bug was looking for something similar to this forums thread: https://forums.opensuse.org/showthread.php/531092-Boot-encrypted-root-(encrypted-boot)
This means the kernel and initrd are on crypted rootfs which will be read with grub luks module. So its no problem to save the passwords in the initrd.
You have not been clear as to whether the password is in the "initrd" or on what you did to achieve that. Do you also have a 4th column (options) in "/etc/crypttab". If not, try adding one -- you can use "none" for the options. Possibly that file is not parsed correctly if it has only 3 columns for your entry. And remember to rebuild the "initrd" after making that change.
Note the third column in crypttab is not the password itself but rather the path to a file. Upstream dracut has no extra code to include the keyfile in the initrd, it assumes that the keyfile points to a device. So if you want your password to be stored in a file in initrd you have to hook into dracut to actually copy the keyfile to the initrd.