Summary: | Improved LUKS encrypted root support | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | postmodern <brodigan> |
Component: | [OLD] Core system | Assignee: | Gentoo Genkernel Maintainers <genkernel> |
Status: | VERIFIED FIXED | ||
Severity: | enhancement | Keywords: | InVCS |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments:
linuxrc.patch
linuxrc.patch (professional)
initrd.scripts.patch (professional)
linuxrc.patch (against genkernel rev 453)
initrd.scripts.patch (against genkernel rev 450)
patch adding support for resuming from encrypted swap
patch adding support for resuming from encrypted swap
Description
postmodern
2006-10-22 14:46:56 UTC
Created attachment 100240 [details, diff]
linuxrc.patch
Patch to genkernel's linuxrc that adds improved LUKS encrypted root support. Already tested and used on my own systems.
Added to subversion
Created attachment 100335 [details, diff]
linuxrc.patch (professional)
I updated the code to be more in line with the genkernel scripting style. Renamed the variable CRYPT_ROOT to LUKS_ROOT, since we're dealing with only LUKS devices. Also added the function startLUKS to handle the initialization of LUKS devices in a similar fashion as other system media.
This patch is against generic/linuxrc of genkernel-3.4.1.
Created attachment 100336 [details, diff]
initrd.scripts.patch (professional)
Moved the LUKS initialization code into initrd.scripts where all the other media initialization functions reside, so as to follow the genkernel initrd scripting style.
Created the function startLUKS to handle the initialization of LUKS devices. Added the old error-checking/error-messages that the original LUKS code had.
Since startVolumes can be called twice, I added code to check if /dev/device-mapper exists AND /dev/mapper/control does not exist, to prevent needless recreation of the symbolic link between the two.
This patch is against generic/initrd.scripts of genkernel-3.4.1.
Comment on attachment 100240 [details, diff]
linuxrc.patch
Marked obsolete due to new "professional" patches.
Ehh... patches against 3.4.1 don't help much, since it means I have to edit everything by hand. Got a patch against 3.4.3 + your original patch, instead?
Created attachment 100405 [details, diff]
linuxrc.patch (against genkernel rev 453)
Professional linuxrc patch against genkernel svn -r 453.
Created attachment 100407 [details, diff]
initrd.scripts.patch (against genkernel rev 450)
Professional initrd.scripts patch against genkernel svn -r 450.
Updated with the newest patches... thanks...
Fixed in 3.4.4
Created attachment 100724 [details, diff]
patch adding support for resuming from encrypted swap
Created attachment 100725 [details, diff]
patch adding support for resuming from encrypted swap
Since I needed support for an encrypted swap device to resume from, I added an additional parameter "crypt_swap", which, if set, opens the given device as "/dev/mapper/swap".
By using "resume2=swap:/dev/mapper/swap" with "crypt_swap", one is able to resume from the encrypted swap device. (Of course, one has to configure the swap device and "/etc/conf.d/cryptfs" accordingly.)
In the course of adding support for this, I added the functionality to drop to a shell if cryptsetup fails. Alternatively, one may skip opening the particular device as well.
Attached patch is against genkernel-3.4.4
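The pairing of "crypt_swap" and "resume2" described in the comment above can be checked before rebooting. The following is an added example, not part of the attached patch or of genkernel: a shell check that a kernel command line is consistent. It assumes the parameters are whitespace-separated name=value tokens; the function names and the device /dev/sda2 are hypothetical.

```shell
#!/bin/sh
# Added example, not genkernel code. Assumes boot parameters are
# whitespace-separated name=value tokens (no quoting support).

# get_param CMDLINE NAME: print the value of the last NAME=value token.
# The body is a subshell so "set -f" and the variables stay local.
get_param() (
    set -f                       # no glob expansion while word-splitting
    val=""
    for tok in $1; do
        case "$tok" in
            "$2"=*) val="${tok#*=}" ;;
        esac
    done
    printf '%s' "$val"
)

# check_resume_cmdline CMDLINE
#   0: consistent
#   1: resume2 names /dev/mapper/swap but crypt_swap is missing,
#      so nothing would create that mapping before resume
#   2: resume2 names the raw device that crypt_swap opens, so the
#      resume code would read ciphertext instead of the image
check_resume_cmdline() {
    resume=$(get_param "$1" resume2)
    cswap=$(get_param "$1" crypt_swap)
    if [ "$resume" = "swap:/dev/mapper/swap" ] && [ -z "$cswap" ]; then
        echo "resume2 uses /dev/mapper/swap but crypt_swap is not set" >&2
        return 1
    fi
    if [ -n "$cswap" ] && [ "$resume" = "swap:$cswap" ]; then
        echo "resume2 points at raw encrypted device $cswap" >&2
        return 2
    fi
    return 0
}

# Constructed sample command line; /dev/sda2 is a placeholder device.
SAMPLE="root=/dev/ram0 crypt_swap=/dev/sda2 resume2=swap:/dev/mapper/swap"
check_resume_cmdline "$SAMPLE" && echo "cmdline ok"
```

To check the running system, pass the contents of /proc/cmdline as the argument.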
OK. I've added this patch, too. Please open new bugs for any new patches.