On 22/12/2018 12:57, Guilhem Moulin wrote: > The cryptroot initramfs boot scripts won't try to mount anything; if an > extra file-system (other than / and /usr) needs to be mounted at early > boot stage, you'll need to arrange for it yourself, for instance with a > local-block script. So unlocking the LUKS image using only the /etc/crypttab file won't work. I think I could play with the scripts and see what can be done.
> If you remove ‘keyscript=decrypt_keyctl’ systemd should be able to > unlock the device later in the boot process, once /home has been > mounted. (systemd doesn't support ‘keyscript=’ currently, cf. #618862.) > To preserve unattended unlocking you could use a key file instead. In the past I was using systemd to unlock all the LUKS containers and that was working well. But I had to remove plymouth, and hence I have to type the same password multiple times at boot stage. That's why I added the "luks.crypttab=no" option to the kernel cmd line, and I want to use only the /etc/crypttab solution.
signature.asc
Description: OpenPGP digital signature
