Hello, I am new to the community and I hope that someone has a tip that helps me further.
I have been working with CentOS for some years and have now switched to AlmaLinux. I installed AlmaLinux 9.3 and used the installer to create the following non-LVM partitions:
- /boot (unencrypted)
- /boot/efi (unencrypted)
- /swap (LUKS2 encrypted)
- /home (LUKS2 encrypted)
- / (LUKS2 encrypted)
- /tmp (LUKS2 encrypted)
- /var (LUKS2 encrypted)
- /var/tmp (LUKS2 encrypted)
- /var/log (LUKS2 encrypted)
- /var/log/audit (LUKS2 encrypted)
- /dev/shm (LUKS2 encrypted)
CIS Benchmark Workstation Level 2 is activated
- I created a keyfile /crypttab.key
- cryptsetup luksAddKey UUID=f167e0cf-6f91-4ce6-8b52-f9109cf6abef /crypttab.key for all partitions
- now there are two key slots present for each partition
- I edited the /etc/crypttab for each LUKS partition (9 rows): luks-f167e0cf-6f91-4ce6-8b52-f9109cf6abef UUID=f167e0cf-6f91-4ce6-8b52-f9109cf6abef /crypttab.key luks
- echo 'install_items="/crypttab.key /etc/crypttab"' > /etc/dracut.conf.d/99-MyMachine.conf
- dracut -f
After a boot, the prompt for the passphrase still appears.
What am I doing wrong? I tried some other paths for the key file, but with no success.