FS#6806 - encrypt hook whit root on lvm in encrypted md device

Attached to Project: Arch Linux
Opened by Benoit C (benoitc) - Wednesday, 04 April 2007, 05:34 GMT
Last edited by Thomas Bächler (brain0) - Thursday, 10 May 2007, 18:16 GMT
Task Type Bug Report
Category System
Status Closed
Assigned To Thomas Bächler (brain0)
Architecture All
Severity Low
Priority Normal
Reported Version 0.8 Voodoo
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

It's isn't possible yet to have a root inside lvm on an encrypted md* partition because md device encrypted with lucks isn't open before the system looks for the root.

Find here a patch that fix it. It add a variable "crypto_md" on the boot options. If you set crypto_md=/dev/md1 for example it will ask for the luks password then if I set the root to /dev/mapper/<mylvm>-root it works.
This task depends upon

Closed by  Thomas Bächler (brain0)
Thursday, 10 May 2007, 18:16 GMT
Reason for closing:  Implemented
Additional comments about closing:  works with the cryptdevice= option
Comment by Thomas Bächler (brain0) - Wednesday, 04 April 2007, 18:07 GMT
I thought about something similar recently. You are right, currently only if root= is a luks device, it is opened. I could add a "cryptdevice=" variable that would do this, like "cryptdevice=/dev/md1:somename". The name "crypto_md" is too special. Would that suffice?
Comment by Thomas Bächler (brain0) - Sunday, 29 April 2007, 09:12 GMT
Backup your working mkinitcpio image and replace your /lib/initcpio/hooks/encrypt file with this one:

http://cvs.archlinux.org/cgi-bin/viewcvs.cgi/base/cryptsetup/encrypt_hook?rev=1.3&content-type=text/vnd.viewcvs-markup

Then, rebuild the image. There is an option, used like this: cryptdevice=/dev/md1:somename. It will open the /dev/md1 mapping to /dev/mapper/somename (do NOT use the name "root", unless you want the default behaviour that the luks device is treated as your root device). Report any problems here.

Loading...