Bug#247054: Crypto-root patch updated to initrd-tools 0.1.70
OK, I've now looked at the latest patch which is in the BTS and tested
it on a PowerPC system. A couple of comments:
+»······if dmsetup table $dmname | grep -q crypt; then
I don't think that grep is so great since it would lead to a wrong
result if $mname contained the string "crypt" even thought it wasn't
encrypted. I think we should explicitly look at the 3rd argument of
the table line. Maybe something like:
if [ "`dmsetup table disk | awk ' { print $3 } '`" = "crypt" ]; then
Maybe someone can come up with a nicer command for this.
+ devname=$(grep -m 1 "^$dmname[[:space:]]" /etc/crypttab | sed 's/^[^[:space:]]*[[:space:]]\([^[:space:]]*\).*/\1/')
This line assumes that there is only _one_ space between the dm name
and the device. Adding a * solves this, though.
With those two changes, I've been able to boot from an encrypted root
on PowerPC. Nice!
I'd like to hear from Wesley before I'll apply this in SVN, but I
think it looks ok. Also, I'd really like someone to give me an
example script to mount secret keys from a USB stick. I'll also have
to see whether LVM on top of crypto works. I think I saw a problem
with this.
--
Martin Michlmayr
http://www.cyrius.com/
Reply to: