[Pkg-cryptsetup-devel] Bug#465902: Bug#465902: Bug#465902: cryptroot remote unlocking on boot feature

David Härdeman david at hardeman.nu
Sat Feb 16 22:04:10 UTC 2008


On Sat, Feb 16, 2008 at 02:37:04AM +0100, debian at x.ray.net wrote:
>The idea is that when the boot process is waiting at the passphrase
>prompt, it is possible to log in via ssh and manually call a script
>which prompts for the passphrase, and in case the passphrase is correct
>and the root-fs is unlocked, kills the process waiting at the console,
>so the boot process continues.
>I admit that the name 'cryptcreate' for this script is quite
>unintuitive, so I changed that in the attached new, unified diff: the
>script's name is now 'unlock' - I hope this is more intuitive.
>The variables will be expanded when the script is written, and as
>$cryptcreate is already used to store the cryptsetup call, this seemed
>to me to be the most straightforward way to guarantee that the
>cryptsetup call to unlock the cryptroot from the shell is identical to
>the cryptsetup call at the console (and likewise the two crypttarget
>tests should always test the identical target).

Hey,

the patch idea looks cool, but I'm wondering if it would perhaps be 
better implemented as a keyscript? See README.initramfs for some 
documentation on how the keyscripts work...ideally that would mean that 
no changes would be necessary to the main cryptsetup initramfs 
scripts...

-- 
David Härdeman




