[Pkg-cryptsetup-devel] Bug#465902: Bug#465902: cryptroot remote unlocking on boot feature
Jonas Meurer
jonas at freesources.org
Mon Feb 18 12:31:49 UTC 2008
Hey Chris,
On 18/02/2008 debian at x.ray.net wrote:
> jonas wrote:
>> Ok, so the script will be executed by the initramfs script provided by
>> dropbear?
>
> it has to be called manually after logging in (using it as the login
> shell ofc could be done, but if a real shell is provided this imho
> actually adds quite some more value - i.e. other problems occuring
> during the boot process can be fixed from remote, too), but all in all
> it is (intended to be) called from the shell provided by the dropbear in
> the initramfs, yes.
>
> i.e. machine (re)boots, init starts dropbear, init starts cryptsetup
> which prompts for cryptroot password on console. boot process just sits
> there forever because nobody is at the console. then a log in from
> remote via dropbear, user calls cryptunlock on the shell which calls
> cryptsetup, and if target was unlocked, the cryptsetup which is waiting
> for input at the console is killed and the boot process continues.
The cryptunlock script will be recreated for every dm-crypt target that
uses a passphrase. In other words, cryptunlock has to be invoked for
every required passphrase. Am I correct here?
greetings,
jonas
More information about the Pkg-cryptsetup-devel
mailing list