[Pkg-cryptsetup-devel] Bug#465902: cryptroot remote unlocking on boot feature

David Härdeman david at hardeman.nu
Sat Feb 16 22:04:10 UTC 2008

On Sat, Feb 16, 2008 at 02:37:04AM +0100, debian at x.ray.net wrote:
>the idea is that when the boot process is waiting at the passphrase 
>prompt, it is possible to log in via ssh and manually call a script 
>which prompts for the passphrase, and in case the passphrase is correct 
>and the root-fs is unlocked, kills the process waiting at the console, 
>so the boot process continues.
>i admit that the name 'cryptcreate' for this script is quite 
>unintuitive, so i changed that in the attached new, unified diff: the 
>script's name is now 'unlock' - i hope this is more intuitive.
>the variables will be expanded when the script is written, and as 
>$cryptcreate is already used to store the cryptsetup call, this seemed 
>to me to be the most straightforward way to guarantee that the 
>cryptsetup call to unlock the cryptroot from the shell is identical to 
>the cryptsetup call at the console (and likewise the two crypttarget 
>tests should always test the identical target).


the patch idea looks cool, but I'm wondering if it would perhaps be 
better implemented as a keyscript? See README.initramfs for some 
documentation on how the keyscripts work...ideally that would mean that 
no changes would be necessary to the main cryptsetup initramfs 

David Härdeman
