Boot Encrypted System with Passphrase Prompts In GRUB Only
by PasBern from LinuxQuestions.org on (#6HCVB)
Hi all,
I installed openSUSE Leap 15.5 as a fully encrypted system (except boot partition) over two physical NVMe's.
The partitioning I had left to the installer, assuming the result would be quite OK.
From other distributions I was accustomed to being asked my passphrase by GRUB during the boot process.
openSUSE now asks me twice the passphrase for each physical drive via GRUB. And the again once or sometimes twice after the stage/screen where I am asked whether to start the system or boot into a previous BTRFS snapshot. Don't know what this screen is officially called, all distributions have it in their respective branding.
How can I reduce the number of passphrase prompts to only GRUB? Don't quite understand, why I am asked again as the disks should have been opened.
As for the disk layout
Code:lsblk -o +uuid,partuuid | egrep '(nvme|cr_|NAME)'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS UUID PARTUUID
nvme0n1 259:0 0 476,9G 0 disk
nvme0n1p1 259:1 0 476,9G 0 part b2f0608c-d19b-448a-a75a-9512defe67dc 64843c0b-1b13-43da-b485-c950722de97c
cr_nvme-nvme.1cc1-324b3435323932514a375941-414441544120535838323030504e50-00000001-part1 254:0 0 476,9G 0 crypt bSkD9A-MZq3-9js4-zsKe-2ZGY-2mdq-k5Kh7k
nvme1n1 259:2 0 931,5G 0 disk
nvme1n1p1 259:3 0 8M 0 part 1e1e8174-68ba-4a77-b5ab-d9332ef9f4c9
nvme1n1p2 259:4 0 931,5G 0 part 37511723-0f7b-4184-8e75-b9e9fe9e6904 1cb7f4f0-325e-4571-96d8-ff969823e32b
cr_nvme-eui.002538b431b8f021-part2 254:1 0 931,5G 0 crypt QIs2YC-o4VY-8UKY-6274-d2xx-9WzS-sflcSO
Here is my fstab in case this should be relevant
Code:cat /etc/fstab
/dev/system/root / btrfs defaults 0 0
/dev/system/root /var btrfs subvol=/@/var 0 0
/dev/system/root /usr/local btrfs subvol=/@/usr/local 0 0
/dev/system/root /tmp btrfs subvol=/@/tmp 0 0
/dev/system/root /srv btrfs subvol=/@/srv 0 0
/dev/system/root /root btrfs subvol=/@/root 0 0
/dev/system/root /opt btrfs subvol=/@/opt 0 0
/dev/system/home /home btrfs defaults 0 0
/dev/system/root /boot/grub2/x86_64-efi btrfs subvol=/@/boot/grub2/x86_64-efi 0 0
/dev/system/root /boot/grub2/i386-pc btrfs subvol=/@/boot/grub2/i386-pc 0 0
/dev/system/swap swap swap defaults 0 0
/dev/system/root /.snapshots btrfs subvol=/@/.snapshots 0 0Here you can see the partitioning:
Code:Dateisystem Typ Griie Benutzt Verf. Verw% Eingehingt auf
devtmpfs devtmpfs 4,0M 0 4,0M 0% /dev
tmpfs tmpfs 4,0M 0 4,0M 0% /sys/fs/cgroup
tmpfs tmpfs 32G 3,5M 32G 1% /dev/shm
tmpfs tmpfs 6,3G 50M 6,2G 1% /run/user/1000
tmpfs tmpfs 13G 202M 13G 2% /run
/dev/mapper/system-root btrfs 479G 72G 407G 15% /
/dev/mapper/system-root btrfs 479G 72G 407G 15% /boot/grub2/i386-pc
/dev/mapper/system-root btrfs 479G 72G 407G 15% /boot/grub2/x86_64-efi
/dev/mapper/system-root btrfs 479G 72G 407G 15% /opt
/dev/mapper/system-root btrfs 479G 72G 407G 15% /root
/dev/mapper/system-root btrfs 479G 72G 407G 15% /.snapshots
/dev/mapper/system-root btrfs 479G 72G 407G 15% /srv
/dev/mapper/system-root btrfs 479G 72G 407G 15% /tmp
/dev/mapper/system-root btrfs 479G 72G 407G 15% /usr/local
/dev/mapper/system-root btrfs 479G 72G 407G 15% /var
/dev/mapper/system-home btrfs 928G 465G 463G 51% /homeThe installer used the entire second NVMe for the system, which is strange to me. Please let me know if further information is required.
Thanks for you hints
I installed openSUSE Leap 15.5 as a fully encrypted system (except boot partition) over two physical NVMe's.
The partitioning I had left to the installer, assuming the result would be quite OK.
From other distributions I was accustomed to being asked my passphrase by GRUB during the boot process.
openSUSE now asks me twice the passphrase for each physical drive via GRUB. And the again once or sometimes twice after the stage/screen where I am asked whether to start the system or boot into a previous BTRFS snapshot. Don't know what this screen is officially called, all distributions have it in their respective branding.
How can I reduce the number of passphrase prompts to only GRUB? Don't quite understand, why I am asked again as the disks should have been opened.
As for the disk layout
Code:lsblk -o +uuid,partuuid | egrep '(nvme|cr_|NAME)'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS UUID PARTUUID
nvme0n1 259:0 0 476,9G 0 disk
nvme0n1p1 259:1 0 476,9G 0 part b2f0608c-d19b-448a-a75a-9512defe67dc 64843c0b-1b13-43da-b485-c950722de97c
cr_nvme-nvme.1cc1-324b3435323932514a375941-414441544120535838323030504e50-00000001-part1 254:0 0 476,9G 0 crypt bSkD9A-MZq3-9js4-zsKe-2ZGY-2mdq-k5Kh7k
nvme1n1 259:2 0 931,5G 0 disk
nvme1n1p1 259:3 0 8M 0 part 1e1e8174-68ba-4a77-b5ab-d9332ef9f4c9
nvme1n1p2 259:4 0 931,5G 0 part 37511723-0f7b-4184-8e75-b9e9fe9e6904 1cb7f4f0-325e-4571-96d8-ff969823e32b
cr_nvme-eui.002538b431b8f021-part2 254:1 0 931,5G 0 crypt QIs2YC-o4VY-8UKY-6274-d2xx-9WzS-sflcSO
Here is my fstab in case this should be relevant
Code:cat /etc/fstab
/dev/system/root / btrfs defaults 0 0
/dev/system/root /var btrfs subvol=/@/var 0 0
/dev/system/root /usr/local btrfs subvol=/@/usr/local 0 0
/dev/system/root /tmp btrfs subvol=/@/tmp 0 0
/dev/system/root /srv btrfs subvol=/@/srv 0 0
/dev/system/root /root btrfs subvol=/@/root 0 0
/dev/system/root /opt btrfs subvol=/@/opt 0 0
/dev/system/home /home btrfs defaults 0 0
/dev/system/root /boot/grub2/x86_64-efi btrfs subvol=/@/boot/grub2/x86_64-efi 0 0
/dev/system/root /boot/grub2/i386-pc btrfs subvol=/@/boot/grub2/i386-pc 0 0
/dev/system/swap swap swap defaults 0 0
/dev/system/root /.snapshots btrfs subvol=/@/.snapshots 0 0Here you can see the partitioning:
Code:Dateisystem Typ Griie Benutzt Verf. Verw% Eingehingt auf
devtmpfs devtmpfs 4,0M 0 4,0M 0% /dev
tmpfs tmpfs 4,0M 0 4,0M 0% /sys/fs/cgroup
tmpfs tmpfs 32G 3,5M 32G 1% /dev/shm
tmpfs tmpfs 6,3G 50M 6,2G 1% /run/user/1000
tmpfs tmpfs 13G 202M 13G 2% /run
/dev/mapper/system-root btrfs 479G 72G 407G 15% /
/dev/mapper/system-root btrfs 479G 72G 407G 15% /boot/grub2/i386-pc
/dev/mapper/system-root btrfs 479G 72G 407G 15% /boot/grub2/x86_64-efi
/dev/mapper/system-root btrfs 479G 72G 407G 15% /opt
/dev/mapper/system-root btrfs 479G 72G 407G 15% /root
/dev/mapper/system-root btrfs 479G 72G 407G 15% /.snapshots
/dev/mapper/system-root btrfs 479G 72G 407G 15% /srv
/dev/mapper/system-root btrfs 479G 72G 407G 15% /tmp
/dev/mapper/system-root btrfs 479G 72G 407G 15% /usr/local
/dev/mapper/system-root btrfs 479G 72G 407G 15% /var
/dev/mapper/system-home btrfs 928G 465G 463G 51% /homeThe installer used the entire second NVMe for the system, which is strange to me. Please let me know if further information is required.
Thanks for you hints