latchset / clevis

Automated Encryption Framework
GNU General Public License v3.0

Tang for multiple devices on the same system #441

Open dimitrigee opened 11 months ago

dimitrigee commented 11 months ago

I am using clevis and tang just fine on a RHEL 8.8 system with an encrypted root device. However, when I encrypt a second device (internal drive) with the same passphrase, the system prompts for the passphrase at boot. I have added the `_netdev` flag to crypttab and fstab. However, I did NOT bind the second device to the tang server. Do all additional devices need to be bound independently? If so, I suppose this means there is a functional limit of 8 encrypted devices per system since there are only 8 key slots. Is that right? The `clevis-luks-askpass` service is enabled, but I am not clear on whether it is helpful in this case.

sarroutbi commented 11 months ago

Yes, you need to bind each device that requires automated unlock separately.
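
An added example (not from this thread or the clevis project): a POSIX shell audit that lists the crypttab entries with no Clevis binding, since each binding is stored in a key slot of that device's own LUKS header. It assumes `clevis luks list -d DEV` prints nothing for an unbound device; the function names and the `http://tang.example` URL are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: find crypttab devices that have no Clevis binding.
# Assumption: `clevis luks list -d DEV` prints one line per bound key slot
# (for example "1: tang '{...}'") and prints nothing when DEV is unbound.

# Print "name source" for every non-blank, non-comment crypttab line.
crypttab_entries() {
    awk 'NF && $1 !~ /^#/ { print $1, $2 }' "$1"
}

# Turn a crypttab source field (UUID=... or a path) into a device path.
resolve_dev() {
    case "$1" in
        UUID=*) printf '/dev/disk/by-uuid/%s\n' "${1#UUID=}" ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# Print "name device" for each entry whose LUKS header has no Clevis pin.
unbound_devices() {
    crypttab_entries "$1" | while read -r name src; do
        dev=$(resolve_dev "$src")
        bindings=$(clevis luks list -d "$dev" 2>/dev/null </dev/null)
        if [ -z "$bindings" ]; then
            printf '%s %s\n' "$name" "$dev"
        fi
    done
}

# Print the bind command to run for each unbound device.
# TANG_URL is a placeholder; substitute the real server URL.
report() {
    TANG_URL=${TANG_URL:-http://tang.example}
    unbound_devices "$1" | while read -r name dev; do
        printf 'unbound: %s (%s)\n' "$name" "$dev"
        printf "  clevis luks bind -d %s tang '{\"url\":\"%s\"}'\n" \
            "$dev" "$TANG_URL"
    done
}

# Run only when a crypttab path is given: sh audit.sh /etc/crypttab
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

The script only reads LUKS headers and prints the suggested bind command; it never modifies a device.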