Results 1 to 6 of 6

Thread: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

  1. #1

    Default LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

    hi,

    so i had to get a new pc and i've set up a btrfs RAID1 on 2 disks with 2 partions each wheras 1 (/home) is encrypted (same pw). my thinking was that i get asked for my password twice, each for both partions. however that is not the case.

    question: is the password used on both dm-crypt partitions? when yes, why?

    Code:
    # btrfs fi show
    Label: none  uuid: 1988bbda-a6a4-47e1-be87-852418a626cf
        Total devices 2 FS bytes used 14.40GB
        devid    2 size 44.53GB used 16.01GB path /dev/dm-1
        devid    1 size 44.53GB used 16.03GB path /dev/dm-0
    
    Label: none  uuid: 6c98837a-dad2-4328-9f09-cb6a77f6dd60
        Total devices 2 FS bytes used 11.23GB
        devid    2 size 30.00GB used 15.03GB path /dev/sdb1
        devid    1 size 30.00GB used 15.04GB path /dev/sda7
    
    Btrfs v0.19+
    Code:
    :/dev/mapper # la
    total 0
    drwxr-xr-x  2 root root     120 Jan 12 22:59 .
    drwxr-xr-x 17 root root    4540 Jan 12 22:59 ..
    crw-------  1 root root 10, 236 Jan 12 22:44 control
    lrwxrwxrwx  1 root root       7 Jan 12 22:44 cr_home1 -> ../dm-1
    lrwxrwxrwx  1 root root       7 Jan 12 22:44 cr_home2 -> ../dm-0
    lrwxrwxrwx  1 root root       7 Jan 12 22:59 truecrypt1 -> ../dm-2
    Code:
    /etc/crypttab
    cr_home1                            /dev/disk/by-id/ata-ST3250318AS_9VYCPAY5-part8 none       none
    cr_home2                            /dev/disk/by-id/ata-ST380811AS_6PS2K7ME-part2 none       none
    Code:
    /etc/fstab
    UUID=6c98837a-dad2-4328-9f09-cb6a77f6dd60 /                    btrfs      defaults,compress=lzo,autodefrag              1 1
    /dev/disk/by-id/ata-ST3250318AS_9VYCPAY5-part6 swap                 swap       defaults              0 0
    /dev/disk/by-id/ata-ST3250318AS_9VYCPAY5-part5 /boot                ext4       acl,user_xattr        1 2
    proc                 /proc                proc       defaults              0 0
    sysfs                /sys                 sysfs      noauto                0 0
    debugfs              /sys/kernel/debug    debugfs    noauto                0 0
    usbfs                /proc/bus/usb        usbfs      noauto                0 0
    devpts               /dev/pts             devpts     mode=0620,gid=5       0 0
    /dev/disk/by-id/ata-ST3250318AS_9VYCPAY5-part9 /tmp                 ext2       acl,user_xattr        1 2
    /dev/mapper/cr_home1                            /home                btrfs       nofail,defaults,device=/dev/mapper/cr_home1,device=/dev/mapper/cr_home2,autodefrag,compress=lzo                0 2
    Code:
    #mount
    devtmpfs on /dev type devtmpfs (rw,relatime,size=1017840k,nr_inodes=254460,mode=755)
    tmpfs on /dev/shm type tmpfs (rw,relatime)
    tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
    devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
    /dev/sda7 on / type btrfs (rw,relatime,compress=lzo,space_cache,autodefrag)
    proc on /proc type proc (rw,relatime)
    sysfs on /sys type sysfs (rw,relatime)
    tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755)
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
    cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
    tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,relatime,mode=755)
    tmpfs on /var/run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
    securityfs on /sys/kernel/security type securityfs (rw,relatime)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    tmpfs on /media type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755)
    debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    /dev/sda5 on /boot type ext4 (rw,relatime,data=ordered)
    /dev/sda9 on /tmp type ext2 (rw,relatime)
    /dev/mapper/cr_home2 on /home type btrfs (rw,relatime,compress=lzo,space_cache,autodefrag)
    none on /var/lib/ntp/proc type proc (ro,nosuid,nodev,relatime)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    gvfs-fuse-daemon on /run/user/sebastian/gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)

  2. #2
    Join Date
    Sep 2012
    Posts
    5,141

    Default Re: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

    Quote Originally Posted by brian_j View Post
    question: is the password used on both dm-crypt partitions? when yes, why?
    Actually most people want to avoid multiple password requests. You seem to be the only one who does not like it

    Which openSUSE version do you use?

  3. #3

    Default Re: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

    Quote Originally Posted by arvidjaar View Post
    Actually most people want to avoid multiple password requests. You seem to be the only one who does not like it
    security is the issue. one has got to know whats going on.

    Quote Originally Posted by arvidjaar View Post
    Which openSUSE version do you use?
    12.2
    Code:
    uname -r
    3.7.1-1-desktop
    from factory

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,643
    Blog Entries
    3

    Default Re: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

    Quote Originally Posted by brian_j View Post
    question: is the password used on both dm-crypt partitions? when yes, why?
    I have no experience with RAID. I give my experience with more standard partitioning.

    I started using crypto with opensuse 11.3, where I setup both "/home" and swap to be encrypted. I was prompted twice for the key (which I found annoying). I switched swap to use a random key (with straight dm-crypt), so as to avoid the two prompts.

    I later discovered, with opensuse 11.4, that if I entered "initrd" in the options column of "/etc/crypttab", I could do it with the encryption key only requested once. The crypto was being handled in the "initrd", and the scripts/code that runs there will take the key provided, and test it for every partition that it needs to decrypt. And if two or more have the same key, there is only one prompt for the key. Crypto behaved the same with opensuse 12.1.

    With opensuse 12.2, the plymouth splash software takes over. If I disable plymouth, then the crypto behaves as in 11.4 and 12.1. If plymouth is being used, then (a) it tends to be confused by the "initrd" entry in the options column, and (b) without the "initrd" option, it does the cryto key prompting, and tries to use the same key for multiple partitions if it can.

    If you are using 12.2, and if you really want two prompts, you might try disabling plymouth. I don't know if that will work, because RAID might still be treated specially.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Sep 2012
    Posts
    5,141

    Default Re: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with same pw?

    Quote Originally Posted by brian_j View Post
    12.2
    Do you use Plymouth? Or are you prompted on plain console?

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: LUKS, btrfs, RAID1 & how does systemd mount 2 volumes with samepw?

    On 2013-01-14 04:16, brian j wrote:
    > security is the issue. one has got to know whats going on.


    Both partitions have the same password if you created both with the same
    password, so it is your fault.

    If the system gets one password for an encripted partition, the boot
    sequence tries the same password on both. If it works, finen, if it
    doesn't, it asks for the second partition.

    --
    Cheers/Saludos
    Carlos E. R. (12.1 test at Minas-Anor)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •