--- encrypt_hook~ 2011-10-25 12:27:05.903895204 +0200 +++ encrypt_hook 2011-10-25 12:43:58.031745369 +0200 @@ -41,6 +41,7 @@ run_hook () DEPRECATED_CRYPT=0 cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)" cryptname="$(echo "${cryptdevice}" | cut -d: -f2)" + cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)" else DEPRECATED_CRYPT=1 cryptdev="${root}" @@ -52,13 +53,28 @@ run_hook () echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." } + OLDIFS="${IFS}" + IFS="," + for cryptopt in ${cryptoptions}; do + case ${cryptopt} in + allow-discards) + echo "Enabling TRIM/discard support." + cryptargs="${cryptargs} --allow-discards" + ;; + *) + echo "Encryption option '${cryptopt}' not known, ignoring." >&2 + ;; + esac + done + IFS="${OLDIFS}" + if poll_device "${cryptdev}" ${rootdelay}; then if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated dopassphrase=1 # If keyfile exists, try to use that if [ -f ${ckeyfile} ]; then - if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then + if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then dopassphrase=0 else echo "Invalid keyfile. Reverting to passphrase." @@ -70,7 +86,7 @@ run_hook () echo "A password is required to access the ${cryptname} volume:" #loop until we get a real password - while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do + while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do sleep 2; done fi @@ -90,7 +106,7 @@ run_hook () err "Non-LUKS decryption not attempted..." return 1 fi - exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}" + exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}" tmp=$(echo "${crypto}" | cut -d: -f1) [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\"" tmp=$(echo "${crypto}" | cut -d: -f2)