On Fri, Oct 28, 2016 at 01:34:09PM +0200, Marek Marczykowski-Górecki wrote:
> On Fri, Oct 28, 2016 at 05:28:52AM -0600, Trammell Hudson wrote:
> > I'm not sure if this issue affects anyone else, but the /etc/crypttab in
> > initramfs does not have entries for extra partitions that were created
> > during installation. It only has / and swap. [...]
>
> /etc/crypttab in initramfs is generated (not copied) by dracut. See
> here:
> /usr/lib/dracut/modules.d/90crypt/module-setup.sh
It looks like that parses the existing /etc/crypttab on the running
system, so I wonder if the extra partitions are not listed there
during the install. That's difficult for me to verify right now.
> Anyway I think it all should be possible also using kernel command line,
> see man dracut.cmdline.
A related issue is that the kernel command line parameter
rd.luks.key=/secret.key to set the keyfile for all devices does not
seem to be honored by the initramfs. The keyfile is only used if it is
specified in the /etc/crypttab in initramfs.
There is also discussion online that if the initramfs has a
/crypto_keyfile.bin that it will be used by default, but this does not
seem to be the case. I don't see any references to that file in
the generated initramfs.
--
Trammell