
Bug#247054: Crypto-root patch updated to initrd-tools 0.1.70



On Sun, Nov 28, 2004 at 07:20:00PM +0100, Loïc Minier wrote:
>  mkinitrd now behaves correctly here, but it asks for a passphrase on
>  boot, where I did not want this behavior.

How else should it decrypt your root filesystem?

>  I'm using /dev/urandom as a key file, and I'm not interested in using a
>  real key protected by a password.

Or... do you mean swap is protected?

Ahhh, yes. This setting up of swap in mkinitrd should probably just be
turned off. It used to work with 'swsusp', but that is no longer in Debian
kernels. So, why configure swap at all?

If mkinitrd doesn't attempt to configure swap, this problem will vanish.

PS. I am presently cleaning up a patch to mount. This patch allows it to
use dmcrypt directly and therefore /etc/crypttab will be obsolete. The new
system is much simpler: you keep in your /etc/fstab:

/dev/muffin/root /     reiserfs defaults,dmname=root                            0 0
/dev/muffin/home /home reiserfs defaults,keyfile=/etc/keys/home,dmname=home     0 0
/dev/muffin/usr  /usr  reiserfs defaults,keyfile=/etc/keys/usr,dmname=usr       0 0
/dev/muffin/opt  /opt  reiserfs defaults,keyfile=/etc/keys/opt,dmname=opt       0 0
/dev/muffin/swap swap  swap     swap,keyfile=/etc/keys/swap,dmname=swap         0 0

Or something similar.

The mtab shows:
/dev/mapper/muffin-root / reiserfs rw,dmname=root 0 0
/dev/mapper/muffin-home /home reiserfs rw,dmname=home,keyfile=/etc/keys/home 0 0
/dev/mapper/muffin-usr /usr reiserfs rw,dmname=usr,keyfile=/etc/keys/usr 0 0
/dev/mapper/muffin-opt /opt reiserfs rw,dmname=opt,keyfile=/etc/keys/opt 0 0

While /proc/mounts shows:
/dev2/root2 / reiserfs rw 0 0
/dev/mapper/home /home reiserfs rw 0 0
/dev/mapper/usr /usr reiserfs rw 0 0
/dev/mapper/opt /opt reiserfs rw 0 0
/dev/muffin/scratch /local reiserfs rw 0 0

This change will let me close nearly all the open bugs on cryptsetup. =)
However, it will mean that mkinitrd-tools will need a pair more tests to
detect the encrypted root disk.

-- 
Wesley W. Terpstra
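
Added example, not part of the original message and not mkinitrd or mount code: one way a boot script could test whether an entry in the fstab layout proposed above is encrypted, and whether unlocking it needs a passphrase prompt, a stored key file, or a throwaway random key. Only the dmname= and keyfile= option names come from the message; the function names, the output labels and the sample lines are assumptions constructed here.

```shell
# Added example, not mkinitrd or mount code. Only the dmname= and keyfile=
# option names come from the message; everything else is an assumption.

# Constructed sample in the proposed layout. The swap line uses /dev/urandom
# as its key file, as in the quoted report.
sample_fstab() {
    cat <<'EOF'
/dev/muffin/root    /       reiserfs defaults,dmname=root                        0 0
/dev/muffin/home    /home   reiserfs defaults,keyfile=/etc/keys/home,dmname=home 0 0
/dev/muffin/swap    swap    swap     swap,keyfile=/dev/urandom,dmname=swap       0 0
/dev/muffin/scratch /local  reiserfs defaults                                    0 0
EOF
}

# get_opt OPTIONS NAME: print the value of NAME=... ; return 1 if absent.
get_opt() {
    _old_ifs=$IFS; IFS=,
    for _o in $1; do
        case $_o in
            "$2"=*) IFS=$_old_ifs; printf '%s\n' "${_o#*=}"; return 0 ;;
        esac
    done
    IFS=$_old_ifs
    return 1
}

# classify_mount MOUNTPOINT < fstab: report how the entry would be unlocked.
# Returns 1 when no entry has that mount point.
classify_mount() {
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac      # blank line or comment
        [ "$mnt" = "$1" ] || continue
        name=$(get_opt "$opts" dmname) || { echo plain; return 0; }
        if key=$(get_opt "$opts" keyfile); then
            case $key in
                /dev/urandom|/dev/random) echo "crypt:$name:ephemeral" ;;
                *) echo "crypt:$name:keyfile=$key" ;;
            esac
        else
            echo "crypt:$name:passphrase"           # no key file: prompt at boot
        fi
        return 0
    done
    return 1
}

for m in / /home swap /local; do
    printf '%-6s %s\n' "$m" "$(sample_fstab | classify_mount "$m")"
done
```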


