Description of problem: Anaconda supports global pass phrase for block device encryption. It should be supported by initscripts as well Version-Release number of selected component (if applicable): initscripts-8.45.20-1 How reproducible: Always Steps to Reproduce: 1. Install a system with 2 or more encrypted block devices. By default anaconda will usea global pass phrase 2. Boot into the new system Actual results: Upon boot the user is required to enter the same pass phrase for every single encrypted device Setting up disk encryption: /dev/sda2 Enter LUKS passphrase: Setting up disk encryption: /dev/sdb1 Enter LUKS passphrase: Expected results: The user should enter the pass phrase once and it should be used to decrypt all other device. In case that fails (i.e. some device is encrypted with other pass phrase) then ask again. Additional info: This is fixed in Rawhide in bug #459191
plymouth is not going in RHEL 5 any time soon, and this really can't be fixed without it.
I'm not asking to port plymouth to RHEL 5 but to instrument some logic in the init script responsible for decrypting partitions. The way I see it is: 1) Ask for passphrase 2) Store the pass phrase into some variable in the script 3) Try to unlock the partition, if fails ask again 4) Repeat 1-3 /optionally accumulate entered passwords and try with all/
That would involve writing entirely separate widgetry just to ask for the password and keep it around, as we're certainly not going to be asking for passphrases in shell code. It's not worth it to do a one-off solution like that for RHEL 5.
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Although Anaconda provides the ability to use a global pass phrase for all encrypted block devices this is not supported from the init process. The user will have to manually enter the pass phrase for every encrypted device when booting the system.
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Although Anaconda provides the ability to use a global pass phrase for all encrypted block devices this is not supported from the init process. The user will have to manually enter the pass phrase for every encrypted device when booting the system.+On systems with more than two encrypted block devices, anaconda has a option to provide a global passphrase. The init scripts, however, do not support this feature. When booting the system, entering each individual passphrase for all encrypted devices will be required.