[pkg-cryptsetup-devel] Bug#629236: cryptsetup: initramfs cryptroot mdadm support

Alexander Kurtz kurtz.alex at googlemail.com
Wed Aug 17 17:38:50 UTC 2011


This is a tiny script running in the initrd unlocking your LUKS volumes.

Unlike the scripts provided by the cryptsetup package, this script runs
before Software-RAID initialization and needs no configuration when
using standard passphrase-based LUKS volumes. You'll only need to enter
your passphrase once when using it for multiple volumes.

This script is very useful when building an unencrypted Software-RAID on
top of encrypted volumes instead of doing it the other way round. This
has significant performance advantages in combination with SMP machines.

Hope this helps

Alexander Kurtz

PS: If anybody wants to distribute this, consider it GPL-2+'ed ;-)

==> /etc/initramfs-tools/hooks/cryptgroup <==
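#!/bin/sh -e

# initramfs-tools calls every hook with "prereqs" first; this one has none.
if [ "${1}" = "prereqs" ]; then
	exit 0
fi

. /usr/share/initramfs-tools/hook-functions

# Copy the tools the boot script needs into the initramfs image
# and make sure the dm-crypt module is loaded at boot.
copy_exec /sbin/blkid
copy_exec /sbin/cryptsetup
force_load dm_crypt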

==> /etc/initramfs-tools/scripts/init-premount/cryptgroup <==
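#!/bin/sh -e

if [ "${1}" = "prereqs" ]; then
	exit 0
fi

# The positional parameters hold every passphrase entered so far, so a
# passphrase that opened one volume is tried on the next without a new prompt.
for uuid in `blkid -o value -s UUID -t TYPE=crypto_LUKS`; do
	for try in 1 2 3; do
		for passphrase in "${@}"; do
			# printf instead of echo: the passphrase is passed through unmodified.
			printf '%s\n' "${passphrase}" | cryptsetup luksOpen "/dev/disk/by-uuid/${uuid}" "${uuid}-plain" && break 2
		done
		# -r keeps backslashes in the passphrase literal; -s disables terminal echo.
		read -r -p "Enter passphrase for UUID=${uuid}: " -s passphrase; echo
		set -- "${passphrase}" "${@}"
	done
done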