The setup for unlocking an encrypted volume using (only) a keyfile (on a detachable USB drive) usually calls for a keyscript to be specified as one of the encrypted volume's options. But with systemd, such encrypted volumes can only be unlocked during boot by typing in a passphrase.
Steps to reproduce:
1. Have a LUKS encrypted volume.
2. Have said volume specified in /etc/crypttab, with keyscript= option pointing to your script for outputting the unlocking key.
3. Boot.
What I expect to happen:
To have the volume unlocked by the script at boot time without manual intervention.
What happens instead:
Plymouth shows a prompt to enter a valid passphrase for the volume.
Workarounds:
Apparently the options for unlocking encrypted drives, including keyscript, can also be specified at the kernel command-line, without crypttab, and according to yaantc at Hacker News [1] this can be used to work around the issue. I haven't personally tried this.
The setup for unlocking an encrypted volume using (only) a keyfile (on a detachable USB drive) usually calls for a keyscript to be specified as one of the encrypted volume's options. But with systemd, such encrypted volumes can only be unlocked during boot by typing in a passphrase.
Steps to reproduce:
1. Have a LUKS encrypted volume.
2. Have said volume specified in /etc/crypttab, with keyscript= option pointing to your script for outputting the unlocking key.
3. Boot.
What I expect to happen:
To have the volume unlocked by the script at boot time without manual intervention.
What happens instead:
Plymouth shows a prompt to enter a valid passphrase for the volume.
Workarounds:
Apparently the options for unlocking encrypted drives, including keyscript, can also be specified at the kernel command-line, without crypttab, and according to yaantc at Hacker News [1] this can be used to work around the issue. I haven't personally tried this.
* [1] https:/ /news.ycombinat or.com/ item?id= 8477913
ProblemType: Bug ature: Ubuntu 3.19.0- 15.15-generic 3.19.3 /boot/vmlinuz- 3.19.0- 15-generic. efi.signed root=UUID= 2185885c- b860-49a8- 973f-fa3b52d3ee cf ro quiet splash vt.handoff=7 asset.tag: ATN123456789012 34567 asset.tag: No Asset Tag version: 1.0 MegatrendsInc. :bvrUX32A. 214:bd01/ 29/2013: svnASUSTeKCOMPU TERINC. :pnUX32A: pvr1.0: rvnASUSTeKCOMPU TERINC. :rnUX32A: rvr1.0: cvnASUSTeKCOMPU TERINC. :ct10:cvr1. 0: version: 1.0
DistroRelease: Ubuntu 15.04
Package: systemd 219-7ubuntu4
ProcVersionSign
Uname: Linux 3.19.0-15-generic x86_64
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Sat May 2 15:39:07 2015
InstallationDate: Installed on 2014-10-18 (196 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140923)
MachineType: ASUSTeK COMPUTER INC. UX32A
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: systemd
UpgradeStatus: Upgraded to vivid on 2015-04-23 (8 days ago)
dmi.bios.date: 01/29/2013
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: UX32A.214
dmi.board.
dmi.board.name: UX32A
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: 1.0
dmi.chassis.
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK COMPUTER INC.
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: UX32A
dmi.product.
dmi.sys.vendor: ASUSTeK COMPUTER INC.