LinuxQuestions.org
Old 02-03-2020, 10:21 PM   #1
kestralis
LQ Newbie
 
Registered: Feb 2020
Distribution: Slackware
Posts: 19

Question Unlocking several LUKS volume groups at boot with one passphrase


My latest Slackware install was installed to several LUKS volume groups. Everything unlocks and mounts properly at boot, but the issue is that despite using the same passphrase I must enter that passphrase for each volume group to be unlocked. Ideally, I'd like to enter the passphrase once and have all of these devices unlock without more prompts.

Excuse me if I overlooked prior posts on the topic, but the only advice I'm finding on LQ and elsewhere recommends /etc/crypttab, which I understand to be a feature of systemd distros only. So what is the Slackware Way to unlock multiple devices at boot using a single passphrase? I'm currently using elilo and would prefer to avoid grub if it can be avoided.

Last edited by kestralis; 02-03-2020 at 10:25 PM. Reason: didn't mention boot loader.
 
Old 02-04-2020, 12:36 AM   #2
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Lower Rhine region, Germany
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,646

You can use /etc/crypttab without a problem on Slackware, too.
 
1 members found this post helpful.
Old 02-04-2020, 01:19 AM   #3
kestralis
LQ Newbie
 
Registered: Feb 2020
Distribution: Slackware
Posts: 19

Original Poster
Oh! That changes everything. (I wonder why there is no man page for crypttab(5)?)

Now if I understand the general approach with /etc/crypttab, the goal is to enter the passphrase for the root (/) device which will contain a keyfile which will be used to unlock the remaining drives in crypttab without prompting me. Do I understand correctly? This is somewhat different than my original goal of trying to temporarily cache the passphrase at boot but the result would be the same.
 
Old 02-04-2020, 01:45 AM   #4
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Lower Rhine region, Germany
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,646

I'm at work right now and cannot see my laptop's configuration, but you should be able to use a keyfile or a passphrase, whichever you like, AFAIR. Not sure if Slackware current and 14.2 might differ with regard to that. Maybe someone else will step in; I will not be able to post my stuff before 18:00 CET, unfortunately.
 
Old 02-04-2020, 01:54 AM   #5
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Lower Rhine region, Germany
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,646

Just checked the source: Give a password in plain text or the name of a keyfile. Use the keyword "none" to interactively input a password. This seems to be the same for current and 14.2. See https://mirrors.slackware.com/slackw...s/scripts/rc.S
 
1 members found this post helpful.
Old 02-04-2020, 04:13 AM   #6
fgcl2k
Member
 
Registered: Jan 2011
Distribution: Slackware 14.1
Posts: 118

After mounting your main encrypted partition defined in /etc/crypttab, you can also mount other encrypted partitions in /etc/rc.d/rc.local using a key file. For example, if you have an encrypted partition in sdb1 and you want to mount it under /data:

# /etc/rc.d/rc.local
cryptsetup --key-file=/home/user/cryptdata.key luksOpen /dev/sdb1 cryptdata
mount /data

# /etc/fstab
/dev/mapper/cryptdata /data ext4 defaults,noauto 1 2

BTW I found that Slackware is the only distribution which handles the password prompt in /etc/crypttab correctly. I can enter a password after an hour and it will work. With other systems if I wait too long (one or two minutes) before entering the password, the system won't boot and I am dropped to a recovery shell. I suspect that this is due to systemd running other things in parallel, but I have no evidence.
 
Old 02-06-2020, 03:58 AM   #7
kestralis
LQ Newbie
 
Registered: Feb 2020
Distribution: Slackware
Posts: 19

Original Poster
I really appreciate the helpful responses and pointers. The more I played with things the more I realized my question was sparse with information. To make up for it I'll try to document what I ended up doing, since there are a few tricky points worth touching on for anyone who deals with an install as obtuse as mine.

For booting with elilo, I run mkinitrd this way
Code:
mkinitrd -c -k 5.4.18 -u -L -m ext4:algif_skcipher \
         -f ext4 -r /dev/cryptvg0/root -C /dev/sdc1:/dev/sda2 \
         -h /dev/cryptvg1/swap \
         -o /boot/initrd.gz
then copy the appropriate files to /boot/efi/EFI/boot/ (my UEFI system is one of those that finds my EFI partition files effortlessly at that location). The volume group device names for the -r and -h arguments are those returned by lvscan(8), since early in the boot process /dev/mapper/<something>-style names apparently can't be used to refer to these devices. Because I did not set up my root (/) and swap within the same encrypted volume group, I must unlock two devices with the -C argument (i.e., therefore having to type my passphrase twice) just so the resume= device can be found and correctly passed to the kernel. Lesson learned.

With root and swap unlocked, now I can make life a little easier. I went with the common advice of generating a random key file and using it to add an additional key to the LUKS header of each of the devices I unlock with /etc/crypttab, e.g., /home and external hard drives.
Code:
cryptvg2 UUID=<some long uuid>    /root/lukskey
mediahd  UUID=<another long uuid> /root/lukskey
[...]
Especially with external hard drives, you may find the names of some of your devices differ on each boot (e.g., /dev/sde instead of /dev/sdf). Using UUIDs instead of normal device names avoids this issue.

So in the end, I save myself from needlessly typing a passphrase for each device added to crypttab but can't save myself from wastefully entering it a second time to unlock swap. So ends my small encrypted partition journey.

Last edited by kestralis; 02-06-2020 at 04:37 AM. Reason: note use of UUIDs in crypttab
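
The key-field choices from post #5 and the key file and UUID setup from post #7, as an added example that is not part of the original thread or of Slackware's rc.S: a small audit of a crypttab in the layout shown above that flags plaintext passphrases, key files readable by group or others, and devices named by path instead of UUID. The names `audit_crypttab` and `demo`, the sample entries, and the rule that a non-path third field is a passphrase are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a crypttab laid out as in this thread
# (assumed fields: name, device, key, options).

# Print one finding per line as "<name>: <finding>"; no output means no findings.
audit_crypttab() {
    # Drop comments and blank lines, then split each entry on whitespace.
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r name dev key opts; do
        case $dev in
            UUID=*) ;;
            *) echo "$name: device $dev is a path that may change between boots" ;;
        esac
        case $key in
            ''|none) ;;  # interactive prompt, nothing stored on disk
            /*)
                if [ ! -f "$key" ]; then
                    echo "$name: key file $key not found"
                else
                    mode=$(stat -c '%a' "$key")
                    case $mode in
                        0|*00) ;;  # no group/other permission bits
                        *) echo "$name: key file $key has mode $mode, expected 400 or 600" ;;
                    esac
                fi ;;
            # Assumption: anything that is not a path is a passphrase in clear text.
            *) echo "$name: third field is a plaintext passphrase" ;;
        esac
    done
}

# Constructed sample: a clean entry, a loose key file, a plaintext passphrase.
demo() {
    d=$(mktemp -d)
    head -c 64 /dev/urandom > "$d/lukskey"; chmod 600 "$d/lukskey"
    head -c 64 /dev/urandom > "$d/loose.key"; chmod 644 "$d/loose.key"
    cat > "$d/crypttab" <<EOF
# name   device                                     key (all values constructed)
cryptvg2 UUID=00000000-0000-0000-0000-000000000001 $d/lukskey
mediahd  /dev/sde1                                 $d/loose.key
scratch  UUID=00000000-0000-0000-0000-000000000002 example-passphrase
EOF
    audit_crypttab "$d/crypttab"
    rm -rf "$d"
}
demo
```

To check a live system, call `audit_crypttab /etc/crypttab` as root in place of `demo`.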
 
  



All times are GMT -5. The time now is 12:38 AM.
