Am 18.07.2019 um 17:30 schrieb mark m.roth@5-cent.us:
On a just-built C 7 box, I've got this: boot, boot_efi, /, swap, and export. Now, the last three are encrypted. For /, I'm trying to add an escrow key. df -h shows me that / is /dev/dm-1. However, when I use cryptsetup luksAddKey /dev/dm-1, it just comes back, without prompting me for a password.
What am I missing?
You need the layer of the encrypted device (not the mounted) to perform the luksAddKey command. lsblk -f shows you the stack ...
-- LF