Re: [Libguestfs] [PATCH common v2 3/3] options: Allow default --key parameters.

Hi Rich and Pino, Commenting after a test. I've installed a RHEL 7 virtual machine with 2 disks, using the graphical installer. During the installation, I selected the 2 disks as well as encryption checkbox. It asked me for only one password. After the installation, when the machine boots, it asks for the password (showing a device UUID) only once. When connected as root, I can see that there are indeed 2 encrypted partitions: /dev/sda2 and /dev/sdb1, which are used as LVM PVs. They both use the same encryption key, but the initramfs only prompts once, which is the behavior proposed by Rich. So, I pushed the test a little more and added 2 disks to the virtual machine and manually configured LUKS (luksFormat, etc...), with the same passphrase, but different from the one provided during the installation. I added the disks to /etc/crypttab and at boot I'm asked to provide 3 passphrases: 1 for the initial devices and 1 per additional disk. This is similar to Pino's fully deterministic approach. I then realized that I had encrypted the whole device, while the installation had created partitions. So, I added 2 other disks and partitioned them and encrypted them with the same passphrase, but a 3rd one. This time, I'm asked for 5 passphrases, confirming that it doesn't try the passphrase against more than one device.

But that doesn't explain why it asks for only one passphrase for the initial devices. The LVM VG is configured with 2 PVs: /dev/sda2 and /dev/sdb1. Maybe it's considered as a single unit. I would need to dig deeper, but it's late. So, the conclusion is that in the real world, we find both cases: 1 key for multiple devices with a single prompt, and 1 identical key for multiple devices with N prompts. @Richard W.M. Jones <rjones(a)redhat.com&gt;, do you think it's possible to add the ability to provide the UUID instead of /dev/sdxN ? We could document that the list of devices and UUIDs can be retrieved from lsblk and blkid.