Hi
I’ve read the wiki page about mounting encrypted partitions but without success.
Here is what I’ve done so far.
- Fresh install of Tumbleweed on the SSD (sda) with LVM and LUKS with default layout created by the installer as described on the wiki page:
>sda 8:0 0 111.8G 0 disk
├─sda1 8:1 0 8M 0 part
└─sda2 8:2 0 111.8G 0 part
└─cr_ata-Samsung_SSD_840_EVO_120GB_S1D5NSBDA60830Z-part2 254:0 0 111.8G 0 crypt
├─system-root 254:1 0 100.1G 0 lvm /var
│ /usr/local
│ /srv
│ /root
│ /opt
│ /home
│ /boot/grub2/i386-pc
│ /boot/grub2/x86_64-efi
│ /.snapshots
│ /
└─system-swap 254:2 0 11.7G 0 lvm [SWAP]
-
So far so good. GRUB is asking for the password as expected.
-
Now let’s add a second HDD, also encrypted with LUKS, XFS file system, one volume with the size of the entire HDD (sdb), created with the YaST partitioner:
>sdb 8:16 0 447.1G 0 disk
└─sdb1 8:17 0 447.1G 0 part
└─sdb1 254:3 0 447.1G 0 crypt /media/Kingston500
-
At this moment GRUB is asking for the password and then Plymouth or SDDM is asking me to enter the password for the second hard drive (sdb). If the correct password is entered, I’m at SDDM, prompted to enter user credentials.
The issue here is that I want to enter only one password to decrypt all hard drives (sda and sdb).
According to the wiki page I’m then:
- creating a key file at /keyfile
- bind the key file to sdb (HDD) partition
sudo cryptsetup luksAddKey /dev/sdb1 /keyfile
- modifying the /etc/crypttab to add entry for sdb (the HDD)
cr_ata-Samsung_SSD_840_EVO_120GB_S1D5NSBDA60830Z-part2 UUID=6ea73192-534f-46ed-905d-e19875506684 /keyfile x-initrd.attach
sdb1 /dev/disk/by-uuid/7fbad306-7fd3-4e97-bb45-f49bf61b579f /keyfile luks x-initrd.attach
- create sdb entry to the /fstab (only sdb related entry shown below):
/dev/mapper/sdb1 /media/Kingston500 xfs defaults 0 2
- add the key file to the initrd
echo -e 'install_items+=" /keyfile "' | sudo tee --append /etc/dracut.conf.d/99-root-key.conf > /dev/null
- Rebuild the initrd
sudo dracut -f
Note:
I’m using the same password for sda, sdb, /keyfile and user account.
However, I’m still prompted for two decryption passwords, once at GRUB (which is fine) and once just before SDDM to decrypt sdb (the second hard drive), which I’m trying to decrypt with the keyfile instead.
What could be wrong or missing?
I’ve followed multiple tutorials (targeting other distros as well as Tumbleweed itself); they do almost every step the same besides adding the key to the initrd with dracut, which I always did. But so far no success.
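
A static consistency check for the setup described in this post, added here as an example and not part of the original post or the wiki: for each crypttab entry it reports whether a key file is set, whether that path is named in a dracut `install_items+=` line, and whether the file is closed to group and others. The function names `check_crypttab` and `demo`, the temporary directory, the `UUID-PLACEHOLDER` values and the `data`, `scratch` and `other` entries are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): lint crypttab key files against
# dracut's install_items. Status per entry: prompt (no key file set),
# not-in-initrd (path absent from install_items), missing (file absent),
# loose-perms (group/other can access the key file), ok.
check_crypttab() {   # usage: check_crypttab CRYPTTAB DRACUT_CONF_DIR
    # Every path named in install_items+="..." lines, one per line.
    items=$(cat "$2"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*install_items+=//p' | tr -d "\"'" | tr ' \t' '\n\n')
    while read -r name device key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $key in
            ''|none|-) status=prompt ;;
            *)  if ! printf '%s\n' "$items" | grep -qxF -- "$key"; then
                    status=not-in-initrd
                elif [ ! -f "$key" ]; then
                    status=missing
                elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
                    status=loose-perms
                else
                    status=ok
                fi ;;
        esac
        printf '%s %s\n' "$name" "$status"
    done < "$1"
}

# Constructed sample input modelled on the post; paths live in a temp directory
# and the UUIDs are placeholders, so nothing on the real system is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/dracut.conf.d"
    printf 'secret' > "$d/keyfile";  chmod 400 "$d/keyfile"
    printf 'secret' > "$d/keyfile2"; chmod 644 "$d/keyfile2"
    printf 'install_items+=" %s %s "\n' "$d/keyfile" "$d/keyfile2" \
        > "$d/dracut.conf.d/99-root-key.conf"
    cat > "$d/crypttab" <<EOF
# name  device                 keyfile      options
sdb1    UUID=UUID-PLACEHOLDER  $d/keyfile   luks,x-initrd.attach
data    UUID=UUID-PLACEHOLDER  none         luks
scratch UUID=UUID-PLACEHOLDER  $d/keyfile2  luks
other   UUID=UUID-PLACEHOLDER  $d/keyfile3  luks
EOF
    check_crypttab "$d/crypttab" "$d/dracut.conf.d"
    rm -rf "$d"
}
demo
```

On the real system the call would be `check_crypttab /etc/crypttab /etc/dracut.conf.d`. This only checks the configuration files; `lsinitrd` shows whether the key file actually landed in the rebuilt image, and `sudo cryptsetup open --test-passphrase --key-file /keyfile /dev/sdb1` confirms that the key file unlocks a key slot.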