Web lists-archives.com

Fwd: Debian Stretch, no password prompt for luks-encrypted home partition during boot




As expected nothing is changed. I did not forget to run update-initramfs after change of fstab.
Attached 3 photos: normal boot, recovery boot before pasword enter, recovery boot after password and Ctrl-D in recovery shell.

Best regards,
Sergey Belyashov

вт, 28 мая 2019 г., 9:38 deloptes <deloptes@xxxxxxxxx>:
Sergey Belyashov wrote:

> Root partition is on mdraid but is not encrypted. Home is encrypted only.
> Modules are set to most already.
>

I have this setup on my server, but I removed all crypted entries from fstab
because obviously I can not sit infront of the server to type the password
when booting. So I can not help in this case much. I put all of this in a
script that I execute after I ssh to the server.

On the clients I have root encrypted. I had issues in the beginning after
transfering the system from dbootstrap to the disk. In that case the UUIDs
were not correct. I always did set the init=/bin/sh on the command line in
grub to get the shell and debugged. Sometimes it is useful to add
a "rootdelay" to wait for the root device to get available, but in your
setup it looks like it is not exactly what you would need.

When the system boots it would read whatever you have in your initrd. It
would load the drivers and perform the boot process. Then it will pass
control to init and run the rest from the root system. IMO mounting home
comes in this second stage, but I am not 100% sure. What do you see when
you enable debug or verbose - what does it say when booting.

Also you have the fs type in fstab set to auto for your home - what happens
if you set the exact fs type like ext4 or xfs?

Do a change at a time and test after this.

regards