Bug#358452: [Pkg-cryptsetup-devel] Bug#358452: initramfs cryptroot
functionality
David Härdeman
david at 2gen.com
Mon May 8 20:42:59 UTC 2006
On Wed, May 03, 2006 at 06:07:53PM +0300, Riku Voipio wrote:
>On Tue, May 02, 2006 at 12:21:25AM +0200, Jonas Meurer wrote:
>> how about this from README.initramfs, also from the svn repository:
>
>> > 5. LUKS support
>> > ---------------
>> > If you are using the LUKS feature of cryptsetup, the above recipe should
>> > still work without any changes. However, you can then remove the cipher,
>> > size and hash arguments in /etc/crypttab as they will be automatically
>> > derived from the information stored in the luks header on-disk.
>
>> i don't know the initramfs implementation very well, David Härdeman has
>> done all the work. but at least the documentation sounds like exactly
>> what you suggested is already done.
Riku is right, and David should fix this :)
>If you remove cipher and hash arguments from /etc/crypttab, the
>initramfs hook script will not copy the cipher and hash kernel
>modules to initramfs. That is what my patch fixes.
>
>cryptsetup itself does not need cipher/hash as command line parameters,
>but the kernel needs the modules badly.
Using cryptsetup status is probably a good idea.
Unfortunately, simply changing the module detection to use cryptsetup
status does not work in the installer as the cryptsetup devices are not
available in the /target chroot.
I'll need to take a look at this, d-i might have to add the modules
manually to /etc/mkinitramfs/modules, or perhaps all crypto modules
should be included (in keeping with the mkinitramfs tradition which
seems to be to try to create as general an image as possible).
Regards,
David
More information about the Pkg-cryptsetup-devel
mailing list