I have an extra HD drive to decrypt on boot (it wasn’t set up during installation). I followed the steps on SDB:Encrypted root file system - openSUSE Wiki to add a key file: “This works exactly as described above in steps 1-4”. Created the key, added it to the correct partition, etc.
But since it’s not the root partition, I read:
“except that you don’t need to add the key for those partitions to the initrd”
And so I didn’t. I still did “sudo dracut -f” though.
Problem is, I still get asked for the password twice. How can I troubleshoot this? Should I add it to initrd?
The first line is the root filesystem as set by the installer. The second is another encrypted partition, but one I don’t want mounted at boot. The third is the relevant one for the issue I’m having.
So, you first told the system to unlock your partition in initrd and then you did not include the key to do it automatically in initrd. Why are you surprised that initrd prompts you for the password?
Why are you surprised that initrd prompts you for the password?
Because the step telling me it’s unnecessary to add the key to initrd is still under the general section “Avoiding to type the passphrase twice”. And as it told me it wasn’t necessary, it didn’t tell me what would happen in case I didn’t I’ll try adding something to openSUSE’s SDB if the wiki’s editors will accept it.
It’s my first time messing directly with crypttab so sorry for the noob mistake, and thank you for your time and patience! Have a happy new year!
Wiki is not a divine revelation. Anything in it (and anything you found on Internet in general) should not be used blindly. It should be considered just an example valid for the specific environment where it was written and that you need to review and adjust as needed. Things change and instructions become outdated.
In this case dracut historically ignored x-initrd.attach option and only included in initrd the devices needed for the root filesystem. So the article was correct at the time it was written.
Excellent. That is how these things are kept up to date