Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly

To: maximilian attems <maks@sternwelten.at>
Cc: David Härdeman <david@2gen.com>, 370556@bugs.debian.org
Subject: Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 7 Jun 2006 14:31:08 -0400
Message-id: <[🔎] 17543.7020.980784.949713@squeak.fifthhorseman.net>
Reply-to: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 370556@bugs.debian.org
In-reply-to: <[🔎] 20060607180624.GB30889@nancy>
References: <[🔎] 20060605210515.9796.44629.reportbug@squeak.fifthhorseman.net> <[🔎] 20060605230523.GJ28353@baikonur.stro.at> <[🔎] 34589.145.64.134.242.1149579104.squirrel@www.hardeman.nu> <[🔎] 20060607180624.GB30889@nancy>

On June 7, maks@sternwelten.at said:

 > On Tue, 06 Jun 2006, David Härdeman wrote:
 >
 > > E.g. for root-on-lvm-on-crypto-on-lvm-on-raid-on-two-hds
 > > rootdeps=/dev/hda,/dev/hdb,/dev/md0,/dev/mapper/basevg-baselv,/dev/mapper/cryptdevice,/dev/mapper/mainvg-rootlv
 > 
 > nack, this adds extra complexity with not much gain.
 > evms is pretty contained and does not need that,
 > also we want to autodetect so far as as possible.

While it does add extra complexity, i don't think this is in conflict
with the goals of autodetection, given that the autodetection could
take place at initramfs-creation time (see my proposal from the
previous e-mail).

 > i would not know of another usage than cryptoroot itself, which is
 > still quite specialized even if easy and fun with luks.

Are you saying that all block device subsystems (with the exception of
cryptroot) are guaranteed to be set up in a pre-determined, static
ordering?  Aren't many of them (dmsetup, lvm, md) essentially ways of
creating new block devices based on existing block devices?  This
implies potential for a shuffled ordering to me, but i'm open to
hearing arguments against it.

If cryptroot is really the only exception (and will remain the only
exception), perhaps we could find a way that cryptroot could advise
the other subsystems what it needs, without forcing the user to
specify by hand, and have cryptroot run two scripts: once before the
chain of other subsystems, and once after the chain, to handle
whichever layer the system is configured to enable the crypted
device.

 > please take care to document for the cryptoroot on lvm user what
 > they need to pass as root param.

This seems like it goes against the goal of autodetecting things as
far as possible.  If we can find a clean way to autodetect the
settings for crypt-on-lvm (or crypt-on-RAID, or crypt-on-evms, etc), i
think it is worth considering.

Having debian transparently support crypted root filesystems on
sophisticated block-device subsystems would be a big win.

Thanks for all your work on this!

	--dkg

Reply to:

References:
- Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
  - From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
- Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
  - From: maximilian attems <maks@sternwelten.at>
- Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
  - From: David Härdeman <david@2gen.com>
- Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
  - From: maximilian attems <maks@sternwelten.at>

Prev by Date: Re: GCC 4.1 now the default GCC version for etch
Next by Date: Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
Previous by thread: Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
Next by thread: Bug#370556: initramfs-tools: does not handle cryptroot-on-lvm properly
Index(es):
- Date
- Thread