I have a system set up with LUKS on top of LVM, and I plan to add a new LUKS logical volume. Adding the entry for this LV into */etc/crypttab* makes it ask for the passphrase at boot. Now, what I want to know is how to make this partition decrypt using the existing "global passphrase".
Does anyone know how Fedora installer sets up all the partitions to open with one passphrase? Does it use a keyfile in the second slot, which in turn unlocks the rest of the partitions, assuming the first partition is unlocked by the passphrase and contains a keyfile in it? I hope it's not. Doesn't sound very secure.
On Mon, Jul 25, 2011 at 15:24:13 +1000, yudi v yudi.tux@gmail.com wrote:
> Does anyone know how Fedora installer sets up all the partitions to open with one passphrase?

Each passphrase encountered is tried on each luks device. If you use the same passphrase on all of your luks devices, then you should only get asked for it once during the boot process. However there is a bug in the handoff between the early boot process and plymouth, so that sometimes you need to enter it twice.
So, if I create a new partition after initial setup, give it the same passphrase and add the entry to /etc/crypttab, it should decrypt along with others at boot?
On Tue, Jul 26, 2011 at 10:05:20 +1000, yudi v yudi.tux@gmail.com wrote:
> So, if I create a new partition after initial setup, give it the same passphrase and add the entry to /etc/crypttab, it should decrypt along with others at boot?
Yes. You'll also want to add an fstab entry for the file system so that it ends up getting mounted after it is luks opened.
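
A check for the two points made in the replies above, added here as an example and not part of the original thread: it lists each crypttab entry, whether it is unlocked by a prompted passphrase or by a keyfile, and whether fstab mounts its /dev/mapper device. The function names, volume names and sample file contents are constructed for illustration, and only fstab entries written as /dev/mapper/<name> are recognised (not UUID= or LABEL=).

```sh
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# audit_crypttab CRYPTTAB FSTAB
# Prints "<name> <unlock> <mount>" for every crypttab entry:
#   unlock = passphrase (key field missing, "none" or "-": prompted at boot)
#            keyfile    (key field names a file)
#   mount  = mounted if fstab lists /dev/mapper/<name> as a device
audit_crypttab() {
    crypttab=$1
    fstab=$2
    # Drop comments and blank lines, then split into crypttab(5) fields.
    grep -Ev '^[[:space:]]*(#|$)' "$crypttab" |
    while read -r name _device key _opts; do
        case "${key:-none}" in
            none|-) unlock=passphrase ;;
            *)      unlock=keyfile ;;
        esac
        if awk -v dev="/dev/mapper/$name" \
               '$1 == dev { found = 1 } END { exit !found }' "$fstab"; then
            mount=mounted
        else
            mount=unmounted
        fi
        printf '%s %s %s\n' "$name" "$unlock" "$mount"
    done
}

# write_sample DIR: constructed crypttab/fstab pair (hypothetical names).
write_sample() {
    cat > "$1/crypttab" <<'EOF'
# name      device           key
luks-root   /dev/vg0/root    none
luks-home   /dev/vg0/home    none
luks-data   /dev/vg0/data    -
luks-backup /dev/vg0/backup  /etc/keys/backup.key
EOF
    cat > "$1/fstab" <<'EOF'
/dev/mapper/luks-root   /       ext4 defaults 1 1
/dev/mapper/luks-home   /home   ext4 defaults 1 2
/dev/mapper/luks-backup /backup ext4 defaults 1 2
EOF
}

# Usage: sh audit.sh /etc/crypttab /etc/fstab
if [ "$#" -eq 2 ]; then
    audit_crypttab "$1" "$2"
fi
```

In the constructed sample, `luks-data` is reported as `passphrase unmounted` (opened at boot but missing its fstab entry) and `luks-backup` as `keyfile mounted`, the keyfile arrangement the original question asks about.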