Lennart Poettering on Nostr: 1. you have a fully encrypted root fs, with /var/ being placed on the root fs too 2. ...
1. you have a fully encrypted root fs, with /var/ being placed on the root fs too
2. you have an immutable root fs, but /var/ is mounted writable.
In both these cases using /var/ as the path to search the backing block device for will work, while using / instead would not work for the 2nd case.
Also note, that this mechanism is automatically disabled when a destructive operation is used (i.e. an existing key slot shall be wiped), for robustness reasons.
2. you have an immutable root fs, but /var/ is mounted writable.
In both these cases using /var/ as the path to search the backing block device for will work, while using / instead would not work for the 2nd case.
Also note, that this mechanism is automatically disabled when a destructive operation is used (i.e. an existing key slot shall be wiped), for robustness reasons.