Control: merge 776409 -1 Hi,
Yeah, it's because in the initramfs (before pivot_root) the key files are relative to the real rootfs's mountpoint (/root). Sergio Gelato has found another workaround [0] using a dummy keyscript. I'll see how to support this use case natively. As documented in crypttab(5), “the initramfs hook processes the root device, any resume devices and any devices with the initramfs option set”, so indeed we could safely include a keyfile if stored on an encrypted device that's processed earlier. AFAICT it's mostly a matter of getting the file's mountpoint and finding out whether the device was already included in conf.d/cryptroot. Cheers, -- Guilhem. [0] https://bugs.debian.org/776409#74
signature.asc
Description: PGP signature
