Control: reassign -1 cryptsetup-initramfs Control: retitle -1 Open a disk image file not residing on the root filesystem Control: severity -1 wishlist
On Sat, 22 Dec 2018 at 15:47:58 +0100, Mikhail Morfikov wrote:
>> If you remove ‘keyscript=decrypt_keyctl’ systemd should be able to
>> unlock the device later in the boot process, once /home has been
>> mounted. (systemd doesn't support ‘keyscript=’ currently, cf. #618862.)
>> To preserve unattended unlocking you could use a key file instead.
>
> In the past I was using systemd to unlock all the LUKS containers and that was
> working well. But I had to remove plymouth, and hence I have to type the same
> password multiple times at boot stage. That's why I added the
> "luks.crypttab=no"
> option to the kernel cmd line, and I want to use only the /etc/crypttab
> solution.
The “luks.crypttab=no” boot parameter shouldn't be needed if all mapped
devices are either unlocked at initramfs stage, or have option ‘noauto’.
If having a key file is acceptable to you, the following crypttab(5)
snippet should be enough for systemd to map the device once /home has
been mounted:
some_img /home/me/luks/some.img /path/to/key/file luks
--
Guilhem.
signature.asc
Description: PGP signature
