FS#50901 - multi device root support for cryptsetup encrypt hook
Attached to Project:
Arch Linux
Opened by Travis (moparisthebest) - Monday, 26 September 2016, 19:14 GMT
Last edited by Dave Reisner (falconindy) - Monday, 26 September 2016, 21:35 GMT
Opened by Travis (moparisthebest) - Monday, 26 September 2016, 19:14 GMT
Last edited by Dave Reisner (falconindy) - Monday, 26 September 2016, 21:35 GMT
|
Details
The cryptsetup encrypt hook does not work when root is on a
multiple encrypted devices. My particular use-case is a
raid1 btrfs array. This would also apply with some mdadm
setups, and probably other things as well.
Attached is my modification of encrypt_hook, it's backwards compatible with the existing script that looks for cryptdevice=, cryptkey=, and crypto= on the linux command line, except it also looks for cryptdevice1=, cryptkey1=, crypto1=, then cryptdevice2=, cryptkey2=, crypto2= etc in that order and sets them up as well. It caches the password in between so if you have one password to decrypt a group of devices it will work with just typing in the single password once. Full git commit history can be found here: https://github.com/moparisthebest/archlinux_encrypthook I've also attached the script to this bug report. 
encrypt_hook
(6.5 KiB)
|
This task depends upon
Closed by Dave Reisner (falconindy)
Monday, 26 September 2016, 21:35 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#23182
Monday, 26 September 2016, 21:35 GMT
Reason for closing: Duplicate
Additional comments about closing:
Comment by
Travis (moparisthebest) - Monday,
26 September 2016, 19:23 GMT
Sorry I realize I wasn't exactly clear, it supports unlimited
cryptdevice options, it's not hard-coded to only support 3 or
anything.
Comment by
Dave Reisner (falconindy) - Monday,
26 September 2016, 21:34 GMT
If you need support for multiple devices, you should be using the
sd-encrypt hook, which supports an arbitrary number of devices,
and much more.