dm-crypt and boot process

To: debian-devel@lists.debian.org
Subject: dm-crypt and boot process
From: John Goerzen <jgoerzen@complete.org>
Date: Wed, 2 Apr 2008 15:13:10 -0500
Message-id: <[🔎] 200804021513.10307.jgoerzen@complete.org>

Hi,

I've been very happy that the Etch installer supports dm-crypt out of the 
box.  This is a wonderfully nice feature.

Here's my gripe: it gets in the way of unattended boots.  Let's say that you 
have /home as a separate encrypted filesystem on a given machine.  You want 
the machine to be able to boot even if you aren't there -- say because the 
power goes out or something.  But you have a passphrase for /home.

You could set it up with a timeout in crypttab, but here's the rub...  when 
you do that, and the timeout expires, the boot process halts.  You have to 
sit at the console and give the root password, then /etc/init.d/cryptdisks 
start, then proceed.

In a case like this, it seems desirable to have the boot process not be 
interrupted.  If the machine boots without /home, I could at least ssh into 
it as root and fix that problem.

As far as I can tell, there is no way in the installer to indicate this 
preference, and no way in fstab to specify that a failure to find the crypt 
device for a given filesystem should just be ignored, leaving that 
filesystem unmounted.

So I haven't submitted a bug anywhere because I don't know where to do so, or 
if perhaps new code needs to be written to accommodate this scenario.  Does 
anyone know?

Thanks,

-- John

Reply to:

Follow-Ups:
- Re: dm-crypt and boot process
  - From: David Härdeman <david@hardeman.nu>

Prev by Date: Re: file path length in .deb package.
Next by Date: Re: Bug#474016: ITP: desktop-data-model -- a library for Mugshot and Online-Desktop
Previous by thread: Re: Bug#474016: ITP: desktop-data-model -- a library for Mugshot and Online-Desktop
Next by thread: Re: dm-crypt and boot process
Index(es):
- Date
- Thread