| Summary: | sys-kernel/genkernel should support plain dm-crypt | ||
|---|---|---|---|
| Product: | Gentoo Hosted Projects | Reporter: | Maxim Fomin <maxim> |
| Component: | genkernel | Assignee: | Gentoo Genkernel Maintainers <genkernel> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | CC: | tsmksubc |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Without plain dm-crypt support booting can be made by dropping to rescue shell and typing cryptsetup commands manually (if LVM is used, also one should execute vgchange -a). This is additional evidence that plain dm-crypt limitation is arbitrary and non-technical. |
genkernel as of version 3.4.52.4 does not support booting from plain dm-crypt partition, it supports only LUKS extension. This restriction is completely arbitrary and is not technical. LUKS is extension of plain dm-crypt and if LUKS works, plain dm-crypt should also work. Tools in other distributions, like mkinitcpio do support plain dm-crypt. Support for LUKS is implemented in /usr/share/genkernel/defaults/initrd.scripts in functions openLUKS() and startLUKS(). [CODE] cryptsetup isLuks ${LUKS_DEVICE} if [ $? -ne 0 ] then bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT} DEV_ERROR=1 [/CODE] [CODE] crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" [/CODE] As it can be seen, the script declines to work with plain dm-crypt. In order to support plain dm-crypt, the script should call 'isLuks' only for luks partitions and the script should look for more options in boot cmdline: hash, cipher, key size, key offset and IV shift. For example, mkinitcpio tool uses following format: cryptdevice=/dev/sdXXX crypto=hash:cipher:key_size:partiton_offset:IV_offset