Re: systemd and plymouth not caching LUKS passphrase
On Tue, 28-06-2016, at 12:30, Jonathan Dowland <j...@debian.org> wrote: > On Wed, Jun 22, 2016 at 08:57:19PM +0200, Ramon Diaz-Uriarte wrote: >> Thanks, but it does not seem to work. > > I'm sorry to hear that. I will have a go at reproducing this but it will take > me a little time to set up some VMs. OK, I guess it must not be a big deal for most people anyway. I am a getting used to typing the password twice :-) -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25 Facultad de Medicina Universidad Autónoma de Madrid Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdia...@gmail.com ramon.d...@iib.uam.es http://ligarto.org/rdiaz
Re: systemd and plymouth not caching LUKS passphrase
On Wed, 22-06-2016, at 12:55, Jonathan Dowland <j...@debian.org> wrote: > Hi, > > > On Wed, Jun 22, 2016 at 09:14:21AM +0200, Ramon Diaz-Uriarte wrote: >> It is my understanding that both systemd per se starting on v227 and >> plymouth will cache passwords[1]. However, there is no caching of LUKS >> passwords in my setting, a laptop with two encrypted partitions, >> corresponding to root and swap, and where both share the passphrase. > snip >> I wonder if there is something I need to set/unset, or if I need to create >> some (which?) script in /etc/systemd/system. > > Looking at the manpage[1], it would appear you need to specify the argument > "--keyname=somename" to the systemd-ask-password process in order for it to > try and cache the passphrases. You would need to use the same keyring name > for each invocation and the subsequent invocations need to also have > --accept-cached. > > At boot time you aren't invoking systemd-ask-password yourself, so we need > to figure out what calls it and how to configure *that* to pass the keyname > argument through. > > I haven't tested it, but if you copy and override > /lib/systemd/system/systemd-ask-password-console.service to > /etc/systemd/system > and add the two arguments, that might work. (you might also need to regenerate > the initramfs). Thanks, but it does not seem to work. - I copied /lib/systemd/system/systemd-ask-password-console.service to /etc/systemd/system (i.e., it is not a symlink) - I added --keyname=cryptsetup --accept-cached at the end of ExecStart - Regenerated initramfs - s2disk and then boot. I am still asked for both passwords. - Note I am not using plymouth at the moment, but I understand this should work without plymouth. Best,,, > > > [1] > https://www.freedesktop.org/software/systemd/man/systemd-ask-password.html# -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25 Facultad de Medicina Universidad Autónoma de Madrid Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdia...@gmail.com ramon.d...@iib.uam.es http://ligarto.org/rdiaz
systemd and plymouth not caching LUKS passphrase
Dear All, (I originally sent this by replying to, and thus threading under, another thread; doing it right now :-) It is my understanding that both systemd per se starting on v227 and plymouth will cache passwords[1]. However, there is no caching of LUKS passwords in my setting, a laptop with two encrypted partitions, corresponding to root and swap, and where both share the passphrase. I am using systemd 230-2 and plymouth 0.9.2-3+b1 and running kernel linux-image-4.6.0-1-amd64 (kernel 4.5 behaves the same way). Trying with or without plymouth makes no difference (i.e., I am always asked for both passwords). I wonder if there is something I need to set/unset, or if I need to create some (which?) script in /etc/systemd/system. My /etc/crypttab is crypt-sda5 UUID= noneluks crypt-sda2 UUID= noneluks And my /etc/fstab is proc/proc procdefaults0 0 UUID= /boot ext3defaults 0 2 /dev/mapper/crypt-sda5 / ext4 errors=remount-ro,user_xattr 0 1 /dev/mapper/crypt-sda2 noneswapsw 0 0 Best, [1] Changes in v227: https://lists.freedesktop.org/archives/systemd-devel/2015-October/034509.html, or for instance the step-by-step instructions on setting full disk encryption at htps://thesimplecomputer.info/full-disk-encryption-with-ubuntu -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25 Facultad de Medicina Universidad Autónoma de Madrid Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdia...@gmail.com ramon.d...@iib.uam.es http://ligarto.org/rdiaz
Re: systemd and plymouth not caching LUKS passphrase
Thank you. Yes, I replied with the idea of removing the reference but ... obviously I didn't. I'll wait a couple of days before trying again (I don't want to look like a spammer). Best, On Mon, Jun 20, 2016 at 1:54 AM, David Wright <deb...@lionunicorn.co.uk> wrote: > (off-list) > > On Sun 19 Jun 2016 at 23:43:37 (+0200), Ramon Diaz-Uriarte wrote: >> >> Dear All, > [..] > > Some people may miss this posting because they're not interested > in "jessie won't install/boot on a Dell Poweredge R815" under > which subject you've threaded it. > > It's the header line > References: <e1behme-000h1t...@upplysingaoflun.ecn.purdue.edu> > that's doing you no favours. > > Cheers, > David. -- Ramon Diaz-Uriarte Structural Biology and Biocomputing Programme Spanish National Cancer Centre (CNIO) http://ligarto.org/rdiaz Phone: +34-91-732-8000 ext. 3019 Fax: +-34-91-224-6972
systemd and plymouth not caching LUKS passphrase
Dear All, It is my understanding that both systemd per se from v227 and plymouth will cache passwords[1]. However, there is no caching of LUKS passwords in my setting, a laptop with two encrypted partitions, corresponding to root and swap, and where both share the passphrase. I am using systemd 230-2 and plymouth 0.9.2-3+b1 and running kernel linux-image-4.6.0-1-amd64 (kernel 4.5 behaves the same way). Trying with or without plymouth makes no difference (i.e., I am always asked for both passwords). I wonder if there is something I need to set/unset, or if I need to create some (which?) script in /etc/systemd/system. My /etc/crypttab is crypt-sda5 UUID= noneluks crypt-sda2 UUID= noneluks And my /etc/fstab is proc/proc procdefaults0 0 UUID= /boot ext3defaults 0 2 /dev/mapper/crypt-sda5 / ext4 errors=remount-ro,user_xattr 0 1 /dev/mapper/crypt-sda2 noneswapsw 0 0 Best, [1] Changes in v227: https://lists.freedesktop.org/archives/systemd-devel/2015-October/034509.html, or for instance the step-by-step instructions on setting full disk encryption at htps://thesimplecomputer.info/full-disk-encryption-with-ubuntu -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25 Facultad de Medicina Universidad Autónoma de Madrid Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdia...@gmail.com ramon.d...@iib.uam.es http://ligarto.org/rdiaz
systemd and plymouth not caching LUKS passwords
Dear All, It is my understanding that both systemd per se from v227 and plymouth will cache passwords[1]. However, there is no caching of LUKS passwords in my setting, a laptop with two encrypted partitions, corresponding to root and swap, and where both share the passphrase. I am using systemd 230-2 and plymouth 0.9.2-3+b1 and running kernel linux-image-4.6.0-1-amd64 (kernel 4.5 behaves the same way). Trying with or without plymouth makes no difference (i.e., I am always asked for both passwords). I wonder if there is something I need to set/unset, or if I need to create some (which?) script in /etc/systemd/system. My /etc/crypttab is crypt-sda5 UUID= noneluks crypt-sda2 UUID= noneluks And my /etc/fstab is proc/proc procdefaults0 0 UUID= /boot ext3defaults 0 2 /dev/mapper/crypt-sda5 / ext4 errors=remount-ro,user_xattr 0 1 /dev/mapper/crypt-sda2 noneswapsw 0 0 Best, [1] Changes in v227: https://lists.freedesktop.org/archives/systemd-devel/2015-October/034509.html, or for instance the step-by-step instructions on setting full disk encryption at htps://thesimplecomputer.info/full-disk-encryption-with-ubuntu -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25 Facultad de Medicina Universidad Autónoma de Madrid Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdia...@gmail.com ramon.d...@iib.uam.es http://ligarto.org/rdiaz
