On Fri 26 Nov 2021, Christoph Biedl wrote:
> Paul Slootman wrote...
> 
> > I have 2 MD raid devices which are encrypted.
> (...)
> > I can't find any hints on how to proceed from here, to have the second
> > device also automatically unlocked. Do you have any idea?
> > I can't be the only person with more than one LUKS-encrypted device.
> 
> Strange - at first glance it seems this is
> 
>     https://github.com/latchset/clevis/commit/v16-2-g0abdfbc
> 
> That change however was included in 16-2, the version you're using.
> Actually, that change was the reason for 16-2.

That would trigger if at that moment both devices are decrypted at the
same stage. Before I installed clevis, I would first get the passphrase
prompt for the first device during the initrd step, and then after the
root filesystem is decrypted and mounted, only _then_ did I get asked
for the passphrase for the second device. That happens via the
/etc/init.d/cryptdisks-early script which is linked to
/etc/rcS.d/S08cryptdisks-early.

The reason, I think, is that the second device is not needed to boot the
system. Presumably there is some way that the initrd scripts determine
what devices need to be decrypted; my problem would probably go away if
the second device gets added to that list.

Note that I'm one of those old beardy unix people that don't want to
like systemd... I see that there is a clevis-systemd package that
perhaps should need a clevis-sysvinit counterpart. If that is indeed the
case, then I understand if you'd want to tag this "wontfix". However, it
would be nice if there was some way to unlock all devices during the
initrd step.


Thanks,
Paul
