[pkg-cryptsetup-devel] Bug#475838: cryptsetup: Would like to use decrypt_derived with a source mapping other than that of the root filesystem
Jonas Meurer
jonas at freesources.org
Mon Sep 28 10:56:18 UTC 2009
Hello,
> I only have /home encrypted, not the root filesystem... my crypttab
> looks like this:
>
> durandal-home_crypt /dev/mapper/durandal-home none luks
> durandal-swap_crypt /dev/mapper/durandal-swap durandal-home_crypt cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,keyscript=/lib/cryptsetup/scripts/decrypt_derived
>
> However the initramfs hooks only include the durandal-swap_crypt in the
> initramfs, thus I get an error, "decrypt_derived: failed to find
> durandal-home_crypt in dmtable" at boot time.
yes, the initramfs cryptroot hook doesn't detect devices from which swap
key is derived by default. the applied (but yet untested) patch should
fix this. please apply it against
/usr/share/initramfs-tools/hooks/cryptroot, regenerate your initramfs
with 'update-initramfs -u', and report back whether it works.
> Alternatively, if there is another way to set up encrypted swap so that
> I can hibernate to it, I would love to hear it. :)
as already mentioned in buglog, you could inverse the order and derive
the key for encrypted home from encrypted swap instead. that should work
out of the box.
greetings,
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20090928/3da65c9f/attachment.pgp>
More information about the pkg-cryptsetup-devel
mailing list