On 14/01/19 02:44 wrote: > I'm not sure that's the case... I mean, it only asked for one password > during the Trisquel 8 installation process, the Full Disk Encryption > password. Maybe it is the case of being necessary to unlock both boot > and swap? > However according to the Parabola guide, it is possible to automate > that process, and I am trying to do that. However it doesn't seem to > work for Trisquel, and that's what I need some help with. I attach a > picture of the second time the system asks for the password.
It goes like this:
-Libreboot asks you for the password for the /boot logical volume,
mounts it and starts the boot process.
-The boot process asks you for the password for the / (root) logical
volume, mounts it and starts the system.
As for why does Libreboot set two separated logical volumes instead
of one in order to get full disk encryption, I can only guess that it is
so because it builds on the more common [non-full] disk encryption
procedure, that encrypts everything except for the /boot logical volume
so the BIOS can read it. Rather than creating a new procedure that
encrypted the entire filesystem in a single logical volume, they take
the already existing procedure and add a second encryption for the /boot
logical volume.
What I can tell you is that you get some error messages that
shouldn't be there. Everything goes right until "Begin: Mounting root
file system...". But then, you get these unexpected messages:
----- Start quote -----
Volume group "grubcrypt" not found
Cannot process volume group grubcrypt
lvmetad is not active yet, using direct activation during sysinit
Volume group "grubcrypt" not found
Cannot process volume group grubcrypt
----- End quote -----
After that, I am surprised to see that the start process continues
without hindrance. You get the prompt for the root logical-volume
password, "Please unlock disk sdb_crypt", mine is different: "Unlocking
the disk ... (sdb1_crypt) Enter passphrase". We are using different
Libreboot versions, yours probably newer than mine.
So, definitely it is not the same password twice, but two passwords
that happen to be the same. But when it comes to your real question,
how to avoid being requested two passwords, I'm sorry that I don't know
about the file option. I never bothered me to introduce two passwords
at each start.
--
Ignacio Agulló · [email protected]
0xC6AB2D51.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
