Re: NBDE, clevis and tang for non-root disk




On Tue, Nov 27, 2018 at 8:06 PM mark <m.roth@xxxxxxxxx> wrote:

> Sorry, I think you misunderstood. The key for root is *not* in
> /etc/crypttab - that's only for the secondary ones.
>
>     mark
>

I understood correctly, just that you mentioning that one can put the key
in the /etc/crypttab gave me the idea to check if the initramfs image will
have the same content for crypttab. So now I have 2 working solutions:

1) /etc/crypttab on OS has a reference to the file that contains the key to
decrypt the second volume (the key is on the encrypted root fs). I have
checked and the initramfs /etc/crypttab has only the line for the root
volume, without any reference to the second volume. The root volume gets
decrypted by clevis+tang. The second volume is decrypted after the root
volume is decrypted, /etc/crypttab is read and the key is found.

2) the initramfs /etc/crypttab was manually updated to add the line for the
second volume. Clevis + tang will decrypt both the root fs and the second
volume.

I was surprised to find out that the /etc/crypttab in initramfs is different
from the one in OS. So now I'm searching for the correct way to force
dracut to include /etc/crypttab unchanged in the initramfs image.

Radu
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
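
A way to check the difference described in the message above, as an added example that is not part of the original post: the functions list the mapping names that the OS /etc/crypttab defines but the initramfs copy lacks. The function names, the sample entries and the key file path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# On a dracut system the initramfs copy of crypttab can be dumped with:
#   lsinitrd -f etc/crypttab > /tmp/crypttab.initramfs

# Print the mapping names (first field) of a crypttab file,
# skipping comment lines and blank lines.
crypttab_names() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1" | LC_ALL=C sort -u
}

# Print the names present in the OS crypttab ($1) but absent from the
# initramfs copy ($2): the volumes the initramfs will not try to unlock.
missing_in_initramfs() {
    os_names=$(mktemp)
    ir_names=$(mktemp)
    crypttab_names "$1" > "$os_names"
    crypttab_names "$2" > "$ir_names"
    LC_ALL=C comm -23 "$os_names" "$ir_names"
    rm -f "$os_names" "$ir_names"
}

# Constructed sample matching solution 1: the OS file has the root volume and
# a second volume with a key file, the initramfs copy has only the root volume.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '# constructed sample, OS /etc/crypttab' \
        'luks-root UUID=00000000-0000-0000-0000-000000000001 none' \
        '' \
        'luks-data UUID=00000000-0000-0000-0000-000000000002 /root/data.key' \
        > "$d/os"
    printf '%s\n' \
        '# constructed sample, initramfs etc/crypttab' \
        'luks-root UUID=00000000-0000-0000-0000-000000000001 none' \
        > "$d/initramfs"
    missing_in_initramfs "$d/os" "$d/initramfs"
    rm -rf "$d"
}

demo
```

An empty result means every mapping in the OS file is also present in the initramfs copy, which is the state solution 2 produces.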


