On a just-built C 7 box, I've got this: boot, boot_efi, /, swap, and export. Now, the last three are encrypted. For /, I'm trying to add an escrow key. df -h shows me that / is /dev/dm-1. However, when I use cryptsetup luksAddKey /dev/dm-1, it just comes back, without prompting me for a password.
What am I missing?
mark
On Thu, 2019-07-18 at 11:30 -0400, mark wrote:
On a just-built C 7 box, I've got this: boot, boot_efi, /, swap, and export. Now, the last three are encrypted. For /, I'm trying to add an escrow key. df -h shows me that / is /dev/dm-1. However, when I use cryptsetup luksAddKey /dev/dm-1, it just comes back, without prompting me for a password.
What am I missing?
mark
Hi,
Adding keys, the following may help.
https://access.redhat.com/solutions/230993 https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Adding_LUKS_...
Regards
Phil
Am 18.07.2019 um 17:30 schrieb mark m.roth@5-cent.us:
On a just-built C 7 box, I've got this: boot, boot_efi, /, swap, and export. Now, the last three are encrypted. For /, I'm trying to add an escrow key. df -h shows me that / is /dev/dm-1. However, when I use cryptsetup luksAddKey /dev/dm-1, it just comes back, without prompting me for a password.
What am I missing?
You need the layer of the encrypted device (not the mounted) to perform the luksAddKey command. lsblk -f shows you the stack ...
-- LF
-
Leon Fauster -
mark -
Phil Wyett