I would like to automatically decrypt /dev/sdb3 at boot with a keyfile located on /dev/sda5, which is a (passphrase-)encrypted partition. By "automatically", I mean "at boot, after being prompted for the /dev/sda5 passphrase".
I am on Debian stretch, and currently have this setup:
/etc/crypttab:
sda5_crypt UUID=aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa none luks
sdb3_crypt UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /etc/sdb3_key luks
/etc/fstab:
/dev/mapper/lv_sda5-lv_rootfs / ext4 discard,noatime,nodiratime,errors=remount-ro 0 1
UUID=cccccccc-cccc-cccc-cccc-cccccccccccc /boot ext2 noatime,nodiratime 0 2
/dev/mapper/lv_sdb3-lv_home /home ext4 defaults 0 2
/dev/mapper/lv_sdb3-lv_swap none swap sw 0 0
For now, I get prompted at boot for my passphrase to decrypt /dev/sda5, then I get the following message repeating for about 30 seconds:
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Volume group "lv_sdb3" not found
Cannot process volume group lv_sdb3
Until I eventually get
Gave up waiting for suspend/resume device
/dev/mapper/lv_sda5-lv_rootfs: clean, ...
And my Debian boots up perfectly, my /home and swap being correctly mounted.
How can I correctly achieve that?
Edit
It seems the problem comes from LVM and isn't related to /etc/crypttab or /etc/fstab. Removing the sdb3_crypt entries from /etc/crypttab and /etc/fstab doesn't change the error message loop. (I ran update-initramfs and update-grub for those changes to be reflected in the /boot/initrd.)
Now I'm wondering how the initramfs can be aware that there exists a lv_sdb3 volume group. I set use_lvmetad = 0 in /etc/lvm/lvm.conf and ran pvscan --cache, which only finds the lv_sda5 volume group since I did not open the /dev/sdb3 LUKS partition. So where does the initramfs read the /deprecated/ information about the lv_sdb3 volume group?
sdb3 is successfully mounted? So you either need a hint where/how the unlock happens or how to do it properly during boot?