
Bug 596392

Summary: sys-kernel/genkernel-next initramfs should try to use passphrase when root_key doesn't work
Product: Gentoo Hosted Projects
Reporter: Lee Starnes <lee>
Component: genkernel-next
Assignee: Ettore Di Giacinto (RETIRED) <mudler>
Status: RESOLVED OBSOLETE
Severity: enhancement
CC: lxnay
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Lee Starnes 2016-10-07 03:32:56 UTC
genkernel initramfs should allow users to enter a passphrase for encrypted devices even when root_key is specified but the key it references cannot be found.

Currently, if root_key is given but the key can't be found, the initramfs will ask the user to insert a device that has the matching key and wait up to 10 seconds. If it still cannot find the key after 10 seconds, the initramfs will skip trying to open the encrypted volumes.

Both dracut's crypt module and Arch's mkinitcpio encrypt hook will fall back to using passphrases if they fail to load a keyfile.

A possible workaround that works with genkernel initramfs would be to have two boot entries: one that has root_key set and tries to use a keyfile, and one that does not have root_key set and tries to use a passphrase.

I am currently using =sys-kernel/genkernel-next-64.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-08-20 12:51:01 UTC
Package removed.
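
The fallback requested in the description, sketched as a POSIX shell function (an added example, not genkernel-next's initramfs code and not part of the original report). `open_with_fallback`, `find_key`, `KEY_WAIT`, `CRYPTSETUP` and `OPEN_METHOD` are hypothetical names; the 10-second wait follows the report, and the passphrase prompt is capped with cryptsetup's `--tries` option.

```shell
#!/bin/sh
# Added illustration: try the keyfile first, then fall back to a passphrase
# prompt instead of skipping the encrypted volume. All names are hypothetical.

CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"   # overridable so the logic can be tested
KEY_WAIT="${KEY_WAIT:-10}"               # seconds to wait for the key to appear

# Wait up to KEY_WAIT seconds for the keyfile to become readable,
# e.g. while the user inserts the removable device that holds it.
find_key() {
    key="$1"
    waited=0
    while [ ! -r "$key" ]; do
        [ "$waited" -ge "$KEY_WAIT" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# open_with_fallback DEVICE NAME [KEYFILE]
# Sets OPEN_METHOD to "keyfile", "passphrase" or "none".
open_with_fallback() {
    dev="$1"
    name="$2"
    key="${3:-}"
    OPEN_METHOD=none

    if [ -n "$key" ]; then
        if find_key "$key" && "$CRYPTSETUP" open --key-file "$key" "$dev" "$name"; then
            OPEN_METHOD=keyfile
            return 0
        fi
        # A missing or rejected key is not fatal: tell the user and prompt.
        echo "Key '$key' missing or rejected; asking for a passphrase" >&2
    fi

    # Interactive prompt, bounded to three attempts.
    if "$CRYPTSETUP" open --tries 3 "$dev" "$name"; then
        OPEN_METHOD=passphrase
        return 0
    fi
    return 1
}
```

Falling back to a prompt does not weaken the volume: a passphrase only unlocks it if a LUKS keyslot already holds that passphrase.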