Hello Everyone
thanks for the team for the their good work
yesterday i installed rocky 8.4 while encrypt the / and swap partition then for the first run after install it require the password for the (/) root partition then it ask for the swap password while both are the same i did not had that before when using Centos 8.3
then for any restart / start the machine it only ask for the encryption password for the / but not the swap but if i insert the (/) root partition in wrong way it ask for the password again which is expected and after that it ask for the swap partition
not sure if that expected or i miss something here
by the way i am using luks version 2 and my installation has only 3 partition / swap and /boot (boot can not be encrypted as you know)
thanks for the time and have a nice day
Hi @JustSomeone!
If you want to use only one password, you have to encrypt an LVM volume group, inluding two logical volume / and swap.
Ivan
1 Like
thanks @krono86 but the issue that when i install it only asked for password once for the encryption if that was the case it should ask for each partition password
the issue is that it ask for swap and / password if i inserted it wrong then it ask for both but if i insert it right it does not ask for the swap only for the root
hope that make it more clear now
thanks again and have a nice day
Have you used “Automatic” or “Custom” partiioning?
Ivan
custom
and the layout are
- /boot
- /
- swap
all are in the same Hard drive
thanks again
Ok!
If you want only one password is needed, be sure to use LVM for both, / and swap.
It’s also necessary that the two logical volumes are part of the same volume group (“rl” into the image):
Under “Volume Group” menu, click on modify and set “Encrypt” enabled:
You will see the changes affect on the swap logical volume too:
Now, I’m pretty sure system will ask for password only one time.
Ivan
that is the case
the main point here
when the device boot
i have to enter the password of the root partition which is fine
if the password is correct then the device boot as it should be
if the password is wrong then i have to retype it which expected but then i have to type the password for the swap partition
which both are same as it only been asked once in the installation process
so it only ask for swap only and only if i type the / password wrong
thanks again for all the time and effort
Ok, now I understand!
I’m on a fresh installed system, and I’m not able to replicate your issue.
When I type a wrong password, I have to retype that only one time.
Ivan
thanks alot @krono86
it will try to dive more into it maybe i miss something
thanks again and have a nice day
Please, report the output of lsblk.
It’s a strange behaviour.
Ivan
sure and thanks a lot for your time
i agree but i am new in linux world that why i was not sure if it bug or new feature or i am missing something
thanks again
Here it is!
You have configured your volumes as LUKS-on-LVM. You need LVM-on-LUKS.
Reinstall the system using my suggestions, you will solve.
Ivan
1 Like
thanks a lot i will try it but i have question
why it behave like that only when i enter wrong password for the root
should not it always ask for both password (/ and swap)
thanks again and have a nice day
This is strange.
Maybe your swap volume is decrypted using a key file stored on the root volume.
When you correctly decrypt root, the key file is found and the swap volume is correctly decrypted; when you type a bad passphrased for root volume, you are prompted for inserting a valid passphrase for the swap volume, and then you have to retype your passphrase for root volume too.
Ivan
the problem when i type it wrong it ask for the root password again then the swap
and is there away to dive into that to trace it
sorry i am not expert in linux world
and thanks a lot for your time and help
Hi @JustSomeone
This is normal behaviour because you create two encrypted partitions instead of encrypting the entire LVM volume group. Had you done it how @krono86 mentioned then you wouldn’t have this problem since you would be entering it solely for the LVM group. Since the group is encrypted, the passwords are not per partition level.
You are not going to fix it by leaving your system as it is. @krono86 provided you with screenshots on how you should be installing the system, and your screenshot shows that it doesn’t match and it’s clear to see that you encrypted root and swap separately.
I too also had it done like you once, and it’s not possible to resolve. Do it the way that has been suggested. In fact, on my system I had encrypted every partition separately like you, also used the same password for each partition, but then it asked me 5 times to enter the password for each partition as I had swap, /, /usr, /var and /tmp and it didn’t matter that the password was the same or not. You are lucky that it does actually attempt to use it for the second partition. Obviously when you entered a failed one, it then forces you to enter for all partitions separately. Only when I encrypted the LVM group did I resolve the problem, so this is the solution.
thanks a lot @iwalker for the details
and thanks for @krono86 also
and have a nice day both of you
1 Like