[pkg-cryptsetup-devel] Bug#694342: cryptsetup: include initramfs option for trying already-entered passphrases on each crypted device

zep_debbug at bahj.com zep_debbug at bahj.com
Sun Nov 25 17:32:07 UTC 2012


Package: cryptsetup
Version: 2:1.4.3-4
Severity: wishlist

I have a laptop with two physical storage devices: an HDD (/dev/sda) and an SSD (/dev/sdb).  I wish to use /dev/sda1 as my root partition and /dev/sdb1 as my swap partition (to which I will hibernate).  I also want these devices to be crypted.  This requires that I maintain two different crypt devices; LVM can't be used to solve this problem.

I have both devices encrypted using the same passphrase.  Currently, I must enter that passphrase twice at boot time.  I would like the ability to enter my passphrase once and have the bootup scripts try that passphrase with each crypted disk; I should only be prompted for a passphrase again if the one I provided failed to unlock at least one of the remaining disks.  This functionality will be useful on any system that wants crypted root and swap on different physical devices.

As a sort of workaround, I am including two files which I have placed in my /etc/initramfs-tools/hooks directory.  These files patch the existing cryptsetup initramfs script when the initramfs is updated.  These files are *not* perfect; they capture the passphrase in an environment variable which, among other things, means that non-interactive passphrases containing null characters would be misrepresented.  I don't intend this workaround to be a permanent fix; I'm just hoping someone else gets some use out of it.  :)

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-3.2.0-4-686-pae root=/dev/mapper/vg0-root ro quiet

-- /etc/crypttab
sda7_crypt UUID=b56e8430-2594-436a-9fba-b91617cdaa5e none luks
sdb2_crypt UUID=9854a64a-0167-4299-aa4e-9a4639c99421 /etc/z_fastswap_key luks


-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/vg0/root   /               ext3    errors=remount-ro 0       1
/dev/vg0/backup /backups        ext3    defaults        0       2
UUID=2c178245-be2c-42f8-a1f3-e1057f68d506 /boot           ext3    defaults        0       2
/dev/vg0/home   /home           ext3    defaults        0       2
/dev/vg0/swap   none            swap    sw              0       0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/sdc1       /media/usb0     auto    rw,user,noauto  0       0

-- lsmod


-- System Information:
Debian Release: wheezy/sid
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.4.3-4
ii  debconf [debconf-2.0]  1.5.46
ii  dmsetup                2:1.02.74-4
ii  libc6                  2.13-35

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.20.0-7
ii  console-setup                           1.87
ii  initramfs-tools [linux-initramfs-tool]  0.109
ii  kbd                                     1.15.3-9

Versions of packages cryptsetup suggests:
ii  dosfstools              3.0.13-1
ii  liblocale-gettext-perl  1.05-7+b1

-- debconf information:
  cryptsetup/prerm_active_mappings: true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-cryptroot-to-reuse-passphrases
Type: text/x-shellscript
Size: 1261 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20121125/c7c43909/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-cryptroot-to-reuse-passphrases.patch
Type: text/x-diff
Size: 1069 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20121125/c7c43909/attachment.patch>
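
The behaviour requested in the report above, sketched as an added example; it is not the content of the scrubbed attachments and not cryptsetup's own code. `unlock_device` and `ask_passphrase` are hypothetical stand-ins for `cryptsetup luksOpen --key-file=-` and an interactive prompt, the passphrases are constructed sample data, and the passphrase is cached in a mode-0600 temporary file rather than an environment variable.

```shell
#!/bin/sh
# Added example: enter a passphrase once and try it on every remaining
# device, prompting again only after the cached one is rejected.
# The passphrase is cached in a mode-0600 file, never in the environment.

# Constructed sample data: the passphrase that opens each mapping.
device_secret() {
    case "$1" in
        sda7_crypt|sdb2_crypt) printf '%s' 'correct horse' ;;
        sdc1_crypt)            printf '%s' 'other secret' ;;
    esac
}

# Stand-in for: cryptsetup luksOpen --key-file=- "$source" "$1"
# ($source is a placeholder for the backing device). Succeeds when the
# bytes on stdin match the device's passphrase.
unlock_device() {
    [ "$(cat)" = "$(device_secret "$1")" ]
}

# Stand-in for an interactive prompt: the simulated user always types the
# right passphrase for the device being asked about.
ask_passphrase() {
    device_secret "$1"
}

# Unlock every named device; print how many prompts were needed.
unlock_all() {
    dir=$(mktemp -d) || return 1
    cache="$dir/pass"
    prompts=0
    status=0
    for dev in "$@"; do
        # First try the cached passphrase, if one has been entered already.
        if [ -s "$cache" ] && unlock_device "$dev" < "$cache"; then
            continue
        fi
        # Cache missing or rejected: prompt, then replace the cache.
        prompts=$((prompts + 1))
        ( umask 077; ask_passphrase "$dev" > "$cache" )
        unlock_device "$dev" < "$cache" || status=1
    done
    rm -rf "$dir"   # drop the cached passphrase once all devices are done
    echo "$prompts"
    return "$status"
}

unlock_all sda7_crypt sdb2_crypt
```

Only the most recently entered passphrase is cached, so device order matters: `sda7_crypt sdc1_crypt sdb2_crypt` costs three prompts, while listing the two devices that share a passphrase next to each other costs two.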

