[Pkg-cryptsetup-devel] Bug#465902: Bug#465902: Bug#465902: cryptroot remote unlocking on boot feature
david at hardeman.nu
Sat Feb 16 22:04:10 UTC 2008
On Sat, Feb 16, 2008 at 02:37:04AM +0100, debian at x.ray.net wrote:
>the idea is that when the boot process is waiting at the passphrase
>prompt, it is possible to log in via ssh and manually call a script
>which prompts for the passphrase, and in case the passphrase is correct
>and the root-fs is unlocked, kills the process waiting at the console,
>so the boot process continues.
>i admit that the name 'cryptcreate' for this script is quite
>unintuitive, so i changed that in the attached new, unified diff: the
>script's name is now 'unlock' - i hope this is more intuitive.
>the variables will be expanded when the script is written, and as
>$cryptcreate is already used to store the cryptsetup call, this seemed
>to me to be the most straightforward way to guarantee that the
>cryptsetup call to unlock the cryptroot from the shell is identical to
>the cryptsetup call at the console (and likewise the two crypttarget
>tests should always test the identical target).
the patch idea looks cool, but I'm wondering if it would perhaps be
better implemented as a keyscript? See README.initramfs for some
documentation on how the keyscripts work...ideally that would mean that
no changes would be necessary to the main cryptsetup initramfs
More information about the Pkg-cryptsetup-devel