During boot I *sometimes* get asked for the password to my LUKS partitions. I did not set up anything (I don't want to be asked at boot) but the main problem is that this does not happen during every boot. I have booted without splash and the password was asked before other filesystems were mounted (before the "press I for interactive mode" part) so I don't really understand what exactly could want to mount LUKS at that point...
Yes, I see this too - dracut seems to ask for every device which it detects as LUKS device... I have for example /dev/sda3 as testing partition (not in crypttab, no fs there) and it asks for password during boot. Not a cryptsetup problem, reassigning to dracut.
Add "rd_NO_LUKS" to the kernel command line, if you don't want to be asked.
And how will it open e.g. an encrypted root then?
I think it should open just the encrypted root and volumes listed in crypttab and not touch anything else. Imagine having several encrypted roots, it doesn't make sense to open more than the one you currently boot from.
The other question would be, why does it not ask every time? It only asks randomly... Anyway, I have set up crypttab to not bug me at boot but dracut does not respect this setting, having to configure this twice is not really nice.
(In reply to comment #2)
> Add "rd_NO_LUKS" to the kernel command line, if you don't want to be asked.
How can I tell the system to always add this automatically, e.g. after updating a kernel?
Dracut should not open even devices in crypttab, only root and other devices required to boot. Initscripts can open them later during boot. (Otherwise a fresh copy of crypttab has to be present in the initrd, because it can be on an encrypted disk itself.)
Also see bug 524366. Why should dracut open completely boot-unrelated encrypted devices? If you create a new LUKS device on an unencrypted system remotely and issue a reboot, why should it try to open that device? So the system will no longer boot automatically because of waiting for a passphrase at the boot prompt?
You can restrict dracut .. just add the parameters, which are output by
$ sudo dracut-gencmdline
rd_DM_UUID=isw_bfadchbffa_Volume0 rd_LVM_VG=VolGroup00 rd_LUKS_UUID=luks-d1b7e28f-bbdf-4e27-a51f-e61c0b56bbc6
This was my first intention for /sbin/new-kernel-pkg to pick up those parameters, though auto-assembly was favored.
This is more like a basic discussion about "auto assembly" vs. "controlled assembly".
(In reply to comment #6)
> (In reply to comment #2)
> > Add "rd_NO_LUKS" to the kernel command line, if you don't want to be asked.
>
> How can I tell the system to always add this automatically, eg after updating a
> kernel?
Custom kernel parameters are always copied from the running kernel, so if you specify it, it should be copied to your next kernel entry in grub.conf.
(In reply to comment #8)
> Also see bug 524366.
>
> Why the dracut should open completely boot-unrelated encrypted devices?
because it does not know the sequence how to find root in auto mode.
> If you create new LUKS device on unecrypted system remotely and issue reboot
> why it should try to open that device?
because it does not know the sequence how to find root in auto mode.
> So the system will no longer boot automatically because of waiting for
> passphrase in boot prompt?
hmm, true, that is a valid reason!
*** This bug has been marked as a duplicate of bug 530898 ***