Hi,
On Aug/01/2018, David Christensen wrote: > On 08/01/2018 03:47 PM, Carles Pina i Estany wrote: > > The question is: > > "Please unlock disk m2_root_crypt:" > > > > I expcted to write the password three times. > > Given your crypttab, above, I agree that you should have to enter three > passphrases. I've been investigating and I'm still puzzled. The findings can be resumed: a) If I boot the kernel with break=premount and then execute /scripts/local-top/cryptroot: I need to enter the passphrase three times as expected instead of two. Last one I see the prompt a bit different in bold (probably comes from systemd?). b) If I boot the kernel with the parameter "debug" and then I execute journalctl I can see: """ ago 02 23:30:05 pinux systemd-cryptsetup[498]: Added key to keyring as 604875905. """ And if I execute keyctl show: root@pinux:~# keyctl show Session Keyring 935647640 --alswrv 0 65534 keyring: _uid_ses.0 575581655 --alswrv 0 65534 \_ keyring: _uid.0 604875905 --alswrv 0 0 \_ user: cryptsetup root@pinux:~# If I wait a bit (more than 90 seconds was the default timeout?): root@pinux:~# keyctl show Session Keyring 935647640 --alswrv 0 65534 keyring: _uid_ses.0 575581655 --alswrv 0 65534 \_ keyring: _uid.0 root@pinux:~# But I thought that keyrings were only used by decrypt_keyctl in /etc/crypttab? where is this added? My initrd doesn't have keyctl installed. All of this might be a red herring... Any more ideas please let me know, -- Carles Pina i Estany Web: http://pinux.info || Blog: http://pintant.cat GPG Key 0x8CD5C157