Re: [RFC] Passing luks passphrase from grub to systemd

From: Oleksandr Natalenko
Date: Sun Apr 15 2018 - 18:34:50 EST

Next message: Al Viro: "Re: [PATCH] fs/dcache.c: re-add cond_resched() in shrink_dcache_parent()"
Previous message: Cong Wang: "Re: Softlockup and Hardlockup sample test module"
In reply to: Hansjoerg Lipp: "Re: [RFC] Passing luks passphrase from grub to systemd"
Next in thread: Hansjoerg Lipp: "Re: [RFC] Passing luks passphrase from grub to systemd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

> as I'm stuck with a (non-EFI x86_64) system with encrypted root
> partition, I have to enter the passphrase twice (grub needs it for
> getting the kernel etc., systemd needs it for mounting the root
> partition). This can be quite inconvenient, especially if the passphrase
> is long and contains special characters, and grub assumes a different
> keyboard layout.

Just fill another LUKS slot with a randomly generated key file and add that
file to your initramfs (which already resides on encrypted /boot, right?). If
your distro cannot do that, you should probably fixing things there, not
adding ugly hacks to the kernel.

Check how it is implemented in Arch, for instance [1]. I'm not sure whether
this is currently possible with openSUSE, though.

Regards,
Oleksandr

[1] https://klmlinks.wordpress.com/2016/03/

Next message: Al Viro: "Re: [PATCH] fs/dcache.c: re-add cond_resched() in shrink_dcache_parent()"
Previous message: Cong Wang: "Re: Softlockup and Hardlockup sample test module"
In reply to: Hansjoerg Lipp: "Re: [RFC] Passing luks passphrase from grub to systemd"
Next in thread: Hansjoerg Lipp: "Re: [RFC] Passing luks passphrase from grub to systemd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]