[pkg-cryptsetup-devel] Bug#629236: cryptsetup: initramfs cryptroot mdadm support
Alexander Kurtz
kurtz.alex at googlemail.com
Wed Aug 17 17:38:50 UTC 2011
Hi,
This is a tiny script running in the initrd unlocking your LUKS volumes.
Unlike the scripts provided by the cryptsetup package, this scripts runs
before Software-RAID initialization and needs no configuration when
using standard passphrase-based LUKS volumes. You'll only need to enter
your passphrase once when using it for multiple volumes.
This script is very useful when building an unencrypted Software-RAID on
top of encrypted volumes instead of doing it the other way round. This
has significant performance advantages in combination with SMP machines.
Hope this helps
Alexander Kurtz
PS: If anybody wants to distribute this, consider it GPL-2+ 'ed ;-)
==> /etc/initramfs-tools/hooks/cryptgroup <==
#!/bin/sh -e
if [ "${1}" = "prereqs" ]; then
exit 0
fi
. /usr/share/initramfs-tools/hook-functions
copy_exec /sbin/blkid
copy_exec /sbin/cryptsetup
force_load dm_crypt
==> /etc/initramfs-tools/scripts/init-premount/cryptgroup <==
#!/bin/sh -e
if [ "${1}" = "prereqs" ]; then
exit 0
fi
for uuid in `blkid -o value -s UUID -t TYPE=crypto_LUKS`; do
for try in 1 2 3; do
for passphrase in "${@}"; do
echo "${passphrase}" | cryptsetup luksOpen "/dev/disk/by-uuid/${uuid}" "${uuid}-plain" && break 2
done
read -p "Enter passphrase for UUID=${uuid}: " -s passphrase; echo
set -- "${passphrase}" "${@}"
done
done
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20110817/0a791f43/attachment.pgp>
More information about the pkg-cryptsetup-devel
mailing list