Unlocking several crypto discs during boot
Xen
list at xenhideout.nl
Sun Oct 15 07:31:13 UTC 2017
Volker Wysk wrote on 15-10-2017 9:03:
> Would you happen to be one of the developers, which look after these
> boot process matters?
No, I am just a person who does it privately.
Like I said the best solution for me would be a new option in
/etc/crypttab.
In the meantime, I said a keyscript is possible, which basically just
wraps around askpass (or systemd-askpass or something) but this will not
work in systemd:
https://lists.freedesktop.org/archives/systemd-devel/2014-August/022024.html
Because they want to wait for something more perfect before they
implement a "messy" Debian system.
But in 16.04 a keyscript in your initramfs would certainly be possible;
not sure if they furthered the systemd integration into initramfs since
say 17.04.
So getting something done crypttab-wide that actually works post
initramfs is a basic impossibility although Lennart hints that a
distribution could patch this into it.
In the meantime for your system it should be possible to get it working
using a keyscript and there is also a kernel option that can help you
use keyscripts:
https://news.ycombinator.com/item?id=8477862
> Uhh, okay. But I'm not going to dig into the boot process details for
> now.
> I'll just live with having to enter the password twice. And wait for my
> idea to get implemented. :-)
Sure. Chances of anything happening are always higher if someone takes
the lead ;-).
I am just saying that:
- a real solution involves something like cryptroot/askpass
- you can simulate a real solution easily using a keyscript
- this would then only be particular to your installation
- to get a real solution that works for everyone and that can ship with
Ubuntu in some future release you would either need a configuration
option in /etc/crypttab by engaging the systemd people or keep it
Debian/Ubuntu specific... Or just use a rough solution of always trying
to unlock everything you can without configuration
- this would never happen for 16.04
So you would be waiting several years. I am just trying to say that this
is not going to happen for an existing release.
I mean the earliest... whatever.
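
The keyscript approach described in the message above, as an added example that is not part of the original post: a script that prompts once and caches the passphrase in the kernel keyring, so further crypttab entries with the same key field reuse it. The script name `unlock_shared`, the crypttab entries and the 60-second timeout are assumptions; it relies on `keyctl` (keyutils) and `/lib/cryptsetup/askpass` being available in the initramfs.

```shell
#!/bin/sh
# Added example keyscript (hypothetical name: unlock_shared), not from the post.
# crypttab passes the third field (key) as $1; whatever is written to stdout
# is used as the passphrase. Constructed crypttab entries sharing one prompt:
#   data1  UUID=<uuid-1>  shared  luks,keyscript=/usr/local/sbin/unlock_shared
#   data2  UUID=<uuid-2>  shared  luks,keyscript=/usr/local/sbin/unlock_shared

# Overridable so the logic can be exercised without a keyring or a console.
: "${KEYCTL:=keyctl}"
: "${ASKPASS:=/lib/cryptsetup/askpass}"
: "${CACHE_TIMEOUT:=60}"   # seconds the passphrase stays in the keyring

get_passphrase() {
    id="cryptsetup:$1"
    # CRYPTTAB_TRIED counts earlier failed attempts for this device.
    tried="${CRYPTTAB_TRIED:-0}"
    kid=$($KEYCTL search @u user "$id" 2>/dev/null) || kid=""

    if [ -z "$kid" ] || [ "$tried" -gt 0 ]; then
        # Nothing cached, or the cached value failed for this device: ask again.
        pass=$($ASKPASS "Passphrase for ${CRYPTTAB_NAME:-$1}: ") || return 1
        [ -n "$pass" ] || return 1
        if [ -n "$kid" ]; then
            printf '%s' "$pass" | $KEYCTL pupdate "$kid" || return 1
        else
            kid=$(printf '%s' "$pass" | $KEYCTL padd user "$id" @u) || return 1
        fi
        unset pass
        # Expire the key soon after boot so it does not linger in memory.
        $KEYCTL timeout "$kid" "$CACHE_TIMEOUT" >/dev/null || return 1
    fi
    # Emit the raw passphrase (no trailing newline) for cryptsetup.
    $KEYCTL pipe "$kid"
}

# Run only when installed under its own name, not when sourced for testing.
case "${0##*/}" in
    unlock_shared) get_passphrase "$@" ;;
esac
```

Debian's cryptsetup package ships a keyscript built on the same idea, `decrypt_keyctl`.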