Right now (or soon), when CEX is enabled in the boot_device sugar, the user also has to add an rd.luks.key karg using either an Ignition karg (on non-OpenShift variants), or an OpenShift/MCO-level karg (on OpenShift; those are different right now -- the MCO has its own kargs logic and doesn't yet use Ignition kargs for first boot).
This unnecessarily incurs an additional reboot (in the case of non-OpenShift variants, upfront, in the case of OpenShift variants, by the MCO). Instead, we should probably have rdcore rootmap inject this karg like it does other LUKS-related kargs.
See:
Right now (or soon), when CEX is enabled in the
boot_devicesugar, the user also has to add anrd.luks.keykarg using either an Ignition karg (on non-OpenShift variants), or an OpenShift/MCO-level karg (on OpenShift; those are different right now -- the MCO has its own kargs logic and doesn't yet use Ignition kargs for first boot).This unnecessarily incurs an additional reboot (in the case of non-OpenShift variants, upfront, in the case of OpenShift variants, by the MCO). Instead, we should probably have
rdcore rootmapinject this karg like it does other LUKS-related kargs.See: