[pkg-cryptsetup-devel] Bug#774647: cryptsetup on initramfs does not support key files (resume swap on LVM)

Guilhem Moulin guilhem at guilhem.org
Wed Dec 9 05:14:10 UTC 2015


Control: merge 776409 -1

Hi,

Yeah, it's because in the initramfs (before pivot_root) the key files
are relative to the real rootfs's mountpoint (/root).  Sergio Gelato has
found another workaround [0] using a dummy keyscript.

I'll see how to support this use case natively.  As documented in
crypttab(5), “the initramfs hook processes the root device, any resume
devices and any devices with the initramfs option set”, so indeed we
could safely include a keyfile if stored on an encrypted device that's
processed earlier.  AFAICT it's mostly a matter of getting the file's
mountpoint and finding out whether the device was already included in
conf.d/cryptroot.

Cheers,
-- 
Guilhem.

[0] https://bugs.debian.org/776409#74
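
Added example, not part of the original message and not the Debian package's hook code: a shell version of the check described above, which takes a crypttab entry's key file, finds the mountpoint holding it, and accepts it only if that filesystem sits on a mapping the initramfs already processes and that is listed earlier. Assumptions: the function names and sample tables are constructed for illustration, filesystems are mounted directly from /dev/mapper/<name>, and only the root mapping and entries with the initramfs option count as processed (resume devices are left out).

```shell
# Added example, not the cryptsetup package's hook. Assumes filesystems are
# mounted straight from /dev/mapper/<name> (no LVM in between) and that
# crypttab order is the order in which mappings get set up.

# mount_source FSTAB PATH: device of the longest mountpoint containing PATH
mount_source() {
    awk -v p="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        { mp = $2; pre = (mp == "/") ? "/" : (mp "/")
          if ((p == mp || index(p, pre) == 1) && length(mp) > best) {
              best = length(mp); dev = $1 } }
        END { if (dev != "") print dev }' "$1"
}

# keyfile_unlockable CRYPTTAB FSTAB TARGET: succeed only if TARGET's key file
# is on a mapping the initramfs processes (it backs / or has the "initramfs"
# option) and that mapping is listed before TARGET.
keyfile_unlockable() {
    key=$(awk -v t="$3" '$1 == t { print $3; exit }' "$1")
    case $key in /*) ;; *) return 1 ;; esac      # "none" or unknown target
    src=$(mount_source "$2" "$key")
    case $src in /dev/mapper/*) ;; *) return 1 ;; esac   # not on a mapping
    root=$(mount_source "$2" /)
    awk -v h="${src#/dev/mapper/}" -v t="$3" -v r="${root#/dev/mapper/}" '
        BEGIN { rc = 1 }
        NF == 0 || $1 ~ /^#/ { next }
        $1 == t { exit }                  # target listed first: too late
        $1 == h { if (h == r || ("," $4 ",") ~ /,initramfs,/) rc = 0; exit }
        END { exit rc }' "$1"
}

# Constructed sample tables; the UUIDs are placeholders.
write_sample() {
    cat > "$1/crypttab" <<'EOF'
root_crypt UUID=aaaa none luks
swap_crypt UUID=bbbb /etc/keys/swap.key luks
data_crypt UUID=cccc /srv/keys/data.key luks
srv_crypt  UUID=dddd none luks,initramfs
EOF
    cat > "$1/fstab" <<'EOF'
/dev/mapper/root_crypt / ext4 defaults 0 1
/dev/mapper/srv_crypt /srv ext4 defaults 0 2
EOF
}

d=$(mktemp -d) && write_sample "$d"
for t in swap_crypt data_crypt; do
    keyfile_unlockable "$d/crypttab" "$d/fstab" "$t" && echo "$t: include key" || echo "$t: skip"
done
rm -r "$d"
```

In the sample, swap_crypt passes because its key sits on the root mapping, while data_crypt is skipped because srv_crypt is listed after it even though it carries the initramfs option.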