-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-8.10, rhel-9.5, rhel-10.0, eln
-
None
-
rear-2.6-27.el9
-
No
-
Moderate
-
1
-
rhel-base-utils-core
-
ssg_core_services
-
0
-
False
-
False
-
-
None
-
BaseUtilsC Sprint CY25_00
-
Unspecified
-
Unspecified
-
Unspecified
-
None
See PR 3430 for issue and long description.
Steps to reproduce
- Install a QEMU/KVM (in UEFI if binding against the TPM) and root device hosting LVM VG encrypted
- Either attach a TPM2 device and bind the encrypted device to it
# yum -y install clevis-pin-tpm2.x86_64 # clevis luks bind -f -d /dev/vda3 tpm2 '{"pcr_ids":"7"}'
- Or add a new key to the device using "pbkdf2" algorithm
# cryptsetup luksAddKey --force-password --pbkdf=pbkdf2 /dev/vda3
- Create rescue ISO
Expected results
Only 1 line for "crypt" parameters:
crypt /dev/mapper/luks-157c516f-a8a8-48f2-9b79-082ea905d73b /dev/vda3 type=luks2 cipher=aes-xts-plain64 key_size=512 hash=sha256 uuid=157c516f-a8a8-48f2-9b79-082ea905d73b
Actual results
Getting 2 lines for "crypt" parameters, which breaks recovery:
crypt /dev/mapper/luks-157c516f-a8a8-48f2-9b79-082ea905d73b /dev/vda3 type=luks2 cipher=aes-xts-plain64 key_size=512 hash=sha256 sha256 uuid=157c516f-a8a8-48f2-9b79-082ea905d73b
- relates to
-
RHEL-108114 Multiple LUKS keyslots not preserved
-
- In Progress
-
- links to
-
RHBA-2025:153608 rear update