bug#38924: Encrypted root volume requires passphrase twice on boot

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#38924: Encrypted root volume requires passphrase twice on boot

From:	Tobias Geerinckx-Rice
Subject:	bug#38924: Encrypted root volume requires passphrase twice on boot
Date:	Sat, 04 Jan 2020 20:56:44 +0100

Matthew,

Matthew Leach 写道：

I've setup guix on two machines each one of them with anencrypted rootpartition. However, on boot I'm prompted for my passphrasetwice, oncebefore the grub menu is shown and second after Linux has startedand
launched guile as init.


Unfortunately, this is expected.

GRUB needs to decrypt the volume to load the Linux-Libre kerneland initrd, and there's no agreed-upon secure way for GRUB to passthe passphrase or key to the kernel/initrd. So you're promptedfor it again when the volume is actually mounted by the kernel.

I would expect to have to only enter my passphrase once perboot.

Most distributions hack around this limitation by including theunencrypted LUKS key in the initrd on the encrypted volume itself.Guix doesn't currently have any code to do the same.

This has been a problem for years but, by sheer coincidence, JakubKądziołka (CC'd) mentioned that this was on their to-do list fornext week.


Kind regards,

T G-R

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#38924: Encrypted root volume requires passphrase twice on boot, Matthew Leach, 2020/01/04
- bug#38924: Encrypted root volume requires passphrase twice on boot, Tobias Geerinckx-Rice <=

Prev by Date: bug#38924: Encrypted root volume requires passphrase twice on boot
Next by Date: bug#38926: pcmanfm-qt unable to open files by double click
Previous by thread: bug#38924: Encrypted root volume requires passphrase twice on boot
Next by thread: bug#38926: pcmanfm-qt unable to open files by double click
Index(es):
- Date
- Thread