I’ve just upgraded to 4-0-8. On CentOS there was a single LUKS password prompt during boot. Now on SUSE, it prompts per disk. I only have two encrypted disks, but I expect this:
would become a dealbreaking annoyance if you have say, a five-disk RAID.
I expect pretty much all use-cases are like ours in having the same password for all disks. This is assumed in Ubuntu too:
decrypt_keyctl script provides the same password to multiple encrypted LUKS targets, saving you from typing it multiple times
decrypt_keyctl is part of the cryptsetup package. Cryptsetup is also installed in Leap & CentOS, although without decrypt_keyctl.
- We imported our disks from our old CentOS install. Does this multiple-password prompting also happen when you luks-encrypt during Rockstor install?
- Has anyone figured how to configure cryptsetup for single-password decryption in openSUSE? I’d be interested to know the contents of /etc/crypttab if someone out there has luks-encrypted disks in Centos. Seems CentOS defaults just work without further config. So it must be using some way of avoiding duplicate passwords that does not involve decrypt_keyctl. In Ubuntu, you just type keyscript=decrypt_keyctl for each disk in crypttab.
BTW, I need theft-protection, so storing a keyfile on the OS disk is not an option. Also you lose access to all data if OS disk becomes corrupted. IMO keyfile is not a sensible default LUKS option in Rockstor, but this is another topic.