FS#50901 - multi device root support for cryptsetup encrypt hook

Attached to Project: Arch Linux
Opened by Travis (moparisthebest) - Monday, 26 September 2016, 19:14 GMT
Last edited by Dave Reisner (falconindy) - Monday, 26 September 2016, 21:35 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

The cryptsetup encrypt hook does not work when root is on a multiple encrypted devices. My particular use-case is a raid1 btrfs array. This would also apply with some mdadm setups, and probably other things as well.

Attached is my modification of encrypt_hook, it's backwards compatible with the existing script that looks for cryptdevice=, cryptkey=, and crypto= on the linux command line, except it also looks for cryptdevice1=, cryptkey1=, crypto1=, then cryptdevice2=, cryptkey2=, crypto2= etc in that order and sets them up as well. It caches the password in between so if you have one password to decrypt a group of devices it will work with just typing in the single password once.

Full git commit history can be found here:
https://github.com/moparisthebest/archlinux_encrypthook

I've also attached the script to this bug report.
This task depends upon

Closed by  Dave Reisner (falconindy)
Monday, 26 September 2016, 21:35 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#23182 
Comment by Travis (moparisthebest) - Monday, 26 September 2016, 19:23 GMT
Sorry I realize I wasn't exactly clear, it supports unlimited cryptdevice options, it's not hard-coded to only support 3 or anything.
Comment by Dave Reisner (falconindy) - Monday, 26 September 2016, 21:34 GMT
If you need support for multiple devices, you should be using the sd-encrypt hook, which supports an arbitrary number of devices, and much more.

Loading...