Bug 631114 - sys-kernel/genkernel should support plain dm-crypt
Summary: sys-kernel/genkernel should support plain dm-crypt
Status: UNCONFIRMED
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: genkernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Genkernel Maintainers
Reported: 2017-09-16 08:17 UTC by Maxim Fomin
Modified: 2023-01-10 10:48 UTC
Description Maxim Fomin 2017-09-16 08:17:32 UTC
genkernel as of version 3.4.52.4 does not support booting from a plain dm-crypt partition; it supports only the LUKS extension. This restriction is completely arbitrary and is not technical. LUKS is an extension of plain dm-crypt, and if LUKS works, plain dm-crypt should also work. Tools in other distributions, like mkinitcpio, do support plain dm-crypt.

Support for LUKS is implemented in /usr/share/genkernel/defaults/initrd.scripts in the functions openLUKS() and startLUKS().

[CODE]
cryptsetup isLuks ${LUKS_DEVICE}
if [ $? -ne 0 ]
then
bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT}
DEV_ERROR=1
[/CODE]

[CODE]
crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
[/CODE]

As can be seen, the script declines to work with plain dm-crypt.

In order to support plain dm-crypt, the script should call 'isLuks' only for LUKS partitions, and the script should look for more options in the boot cmdline: hash, cipher, key size, key offset and IV shift.

For example, the mkinitcpio tool uses the following format:

[CODE]
cryptdevice=/dev/sdXXX crypto=hash:cipher:key_size:partition_offset:IV_offset
[/CODE]
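
A sketch of the parsing the report asks for, as an added example that is not genkernel's or mkinitcpio's code: it splits the five-field spec in the order quoted above, validates each field, and prints the matching cryptsetup command without running it. The function names plain_crypt_opts and crypt_open_cmd and the device /dev/sdX9 are hypothetical.

```shell
#!/bin/sh
# Added example, not genkernel code. Nothing here executes cryptsetup; the
# functions only print the command line that a given spec maps to.

# plain_crypt_opts SPEC
# SPEC is hash:cipher:key_size:partition_offset:IV_offset (field order as in
# the report). Fields are split on ':' so a field cannot itself contain ':'.
# Empty fields are skipped so cryptsetup's defaults apply. Returns 1 if bad.
plain_crypt_opts() {
    spec=$1
    case $spec in
        *:*:*:*:*:*) return 1 ;;   # more than four colons
        *:*:*:*:*)   ;;            # exactly four colons
        *)           return 1 ;;   # too few fields
    esac
    hash=${spec%%:*};   rest=${spec#*:}
    cipher=${rest%%:*}; rest=${rest#*:}
    size=${rest%%:*};   rest=${rest#*:}
    offset=${rest%%:*}; skip=${rest#*:}
    # The values come from the boot cmdline and the command is later passed
    # around as a string (as crypt_filter does), so reject shell syntax.
    case $hash$cipher in *[!A-Za-z0-9_-]*) return 1 ;; esac
    case $size$offset$skip in *[!0-9]*) return 1 ;; esac
    printf '%s\n' "--type plain${hash:+ --hash $hash}${cipher:+ --cipher $cipher}${size:+ --key-size $size}${offset:+ --offset $offset}${skip:+ --skip $skip}"
}

# crypt_open_cmd DEVICE NAME [SPEC]
# Without SPEC the device is treated as LUKS, which is the only path where an
# isLuks check belongs. With SPEC the plain dm-crypt path is used instead.
# DEVICE and NAME are assumed to be validated by the caller.
crypt_open_cmd() {
    dev=$1
    name=$2
    spec=${3:-}
    if [ -z "$spec" ]; then
        printf 'cryptsetup isLuks %s && cryptsetup open --type luks %s %s\n' \
            "$dev" "$dev" "$name"
        return 0
    fi
    opts=$(plain_crypt_opts "$spec") || return 1
    printf 'cryptsetup open %s %s %s\n' "$opts" "$dev" "$name"
}

# Constructed sample input: a plain dm-crypt root on a placeholder device.
crypt_open_cmd /dev/sdX9 root 'sha512:aes-xts-plain64:512:0:0'
```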
Comment 1 Maxim Fomin 2017-09-16 08:20:54 UTC
Without plain dm-crypt support, booting can be done by dropping to the rescue shell and typing cryptsetup commands manually (if LVM is used, one should also execute vgchange -a). This is additional evidence that the plain dm-crypt limitation is arbitrary and non-technical.