Bug#296464: initrd-tools: Asks for a password phrase for crypted disks with random keys
On Wed, Feb 23, 2005 at 09:55:16AM +0100, Carsten Grohmann wrote:
> The crypt device initialized by the initrd will not be processed
> by /etc/init.d/cryptdisk. This often is OK. But in combination with
> crypted swap devices with random pass phrases, the device has to be
> processed by cryptdisk to create a new swap signature and add it as swap
> space.
Ahh, now I understand.
You enter a bogus password, but the initrd still configures the swap device.
Then, during bootup cryptdisks passes over the swap b/c it is already
configured and does not run mkswap. swapon -a then fails b/c the swap
signature is missing.
> Best solution IMHO: Don't let the initrd initialize crypted swap devices
This is needed for software suspend...
> and also all devices with pass phrases from /dev/random
> and /dev/urandom.
This makes good sense.
So, what seems best to me is to disable configuration of swap when the
crypttab specifies /dev/*random for the key or the 'swap' option. This
breaks software suspend, but with a random key that's not possible anyways.
--
Wesley W. Terpstra
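
The rule proposed in the message above, sketched as an added example (not code from initrd-tools or cryptsetup): the initrd leaves an entry to the cryptdisks init script when its key is /dev/*random or it carries the 'swap' option. The function names, the four-column crypttab layout and the sample device names are assumptions made for illustration.

```shell
# Added illustration; not initrd-tools or cryptsetup code.
# Assumed crypttab layout: <target> <source> <key file> <options>

# Return 0 if the initrd should NOT configure this entry, so that the
# cryptdisks init script sets it up later and runs mkswap on it.
# $1 = key file field, $2 = comma-separated options field
skip_in_initrd() {
    case "$1" in
        /dev/*random) return 0 ;;   # /dev/random and /dev/urandom
    esac
    # Match 'swap' only as a whole option, not as part of another word.
    case ",$2," in
        *,swap,*) return 0 ;;
    esac
    return 1
}

# Read crypttab lines on stdin; print the targets the initrd may still
# configure itself (pass-phrase devices without the 'swap' option).
initrd_targets() {
    while read -r target source key opts rest; do
        case "$target" in
            ''|'#'*) continue ;;    # blank lines and comments
        esac
        skip_in_initrd "$key" "$opts" || printf '%s\n' "$target"
    done
}

# Constructed sample crypttab; device names are placeholders.
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
cswap0  /dev/hda2  /dev/urandom  swap
cswap1  /dev/hda3  /dev/random   cipher=aes
cswap2  /dev/hda5  none          cipher=aes,swap
croot   /dev/hda6  none          cipher=aes
EOF
}

sample_crypttab | initrd_targets
```

Entry cswap2 shows the cost noted in the message: a pass-phrase swap device that could support software suspend is skipped too, because it carries the 'swap' option.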