Source: clevis Version: 16-2 Severity: normal I have 2 MD raid devices which are encrypted. /dev/md1 is a PV for LVM which contains basically the root filesystem and separate /var and /tmp filesystems. /dev/md2 is also a PV for LVM contains /home and other filesystems.
I have bound both to the tpm2 pin. /dev/md1 gets succesfully unlocked by the initd.img scripts, but /dev/md2 is not touched there. After the root has been mounted and the cryptdisks-early script runs, that script sees that /dev/md1 has been unlocked, and then proceeds to ask the passphrase for /dev/md2; clevis seems to do nothing for that second device, while it's been bound in an identical manner. I can't find any hints on how to proceed from here, to have the second device also automatically unlocked. Do you have any idea? I can't be the only person with more than one LUKS-encrypted device. PS: dpkg -s clevis-luks ... Description: LUKS integration for clevis This package allows binding a LUKS encrytped volume to a clevis "encrytped" is a typo. Thanks, Paul -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-9-amd64 (SMP w/16 CPU threads) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages clevis depends on: ii cracklib-runtime 2.9.6-3.4 ii curl 7.74.0-1.3+b1 ii jose 10-3 ii libc6 2.31-13+deb11u2 ii libjansson4 2.13.1-1.1 ii libjose0 10-3 ii libpwquality-tools 1.4.4-1 ii libssl1.1 1.1.1k-1+deb11u1 ii luksmeta 9-3 Versions of packages clevis recommends: ii cryptsetup-bin 2:2.3.5-1 clevis suggests no packages. -- no debconf information
