Ubuntu 20.10 unlock multiple drives at boot time #277
Comments
Same issue with Ubuntu 20.04.1 |
Found the problem... In the A quick fix involves resetting the Just add pid="" before
if luks2_decrypt "${CRYPTTAB_SOURCE}" "${PASSFIFO}"; then
echo "Unlocked ${CRYPTTAB_SOURCE} with clevis"
This will probably also solve #272, and any other multi-device setups. |
Could you explain better your setup, so that I can try to reproduce here? |
2 HDDs partitioned identically to have an unencrypted The 2 root partitions are in a btrfs RAID1 setup. /etc/crypttab has the UUIDs of the 2 encrypted partitions. /etc/fstab has the UUID of the unified RAID1 “device” created by btrfs for the root mount. Let me know if you need other info. Edit: BIOS system, if that makes a difference. |
Adding
|
I think a valid fix would be to reset $pid on success of |
I can confirm that the suggestion above fixes this issue in Ubuntu 20.04.2 LTS with clevis-initramfs version 12-1ubuntu2.2. |
@dpantel: would you submit a pull request with the fix, please? |
Btw, in the past few days I have tested this fix on a variety of machines with both BIOS and UEFI (if that matters) in Ubuntu 20.04.2 LTS, and so far there were no regressions. |
Well. The edit I posted is more of a hack than a fix. I’ll try to look into a proper fix this weekend. |
After looking at it for a while, my original hack seems to be the most straightforward fix after all. Pull #293 |
@dpantel, @sergio-correia: as this was merged ... can this issue be closed? |
Using clevis If I apply the changes described in Bug 1784084 - Automatic unlocking using Clevis + TPM2 doesn't happen for non-root volumes to For whatever reason the systemd service files installed on Ubuntu 20.04 /lib/systemd/system/clevis-luks-askpass.path
/lib/systemd/system/clevis-luks-askpass.service
I wonder what aspect of this multi-faceted "can't unlock multiple devices during boot" issue is #326 trying to fix, @ngtech? |
I unfortunately no longer have access to the server that needed the changes in #326 done to boot. If I remember correctly though, the changes were to unlock both volumes early during initramfs initial stages without using the services you mention - in any case we weren't using TPM2, only a local LAN Tang server. |
My setup is to have 2 encrypted partitions (on different drives) in a btrfs RAID1 setup for /.
My issue is that clevis only unlocks one of the two partitions during boot. The second one halts with a passphrase prompt.
Any thoughts on why clevis is not used for the second drive?