I have changed genkernel's generic linuxrc to add improved LUKS encrypted root support. Instead of pre-appending real_root with "luks:" I added a new kernel argument "crypt_root". If crypt_root is specified but real_root is empty, real_root defaults to /dev/mapper/root. Otherwise startVolumes is invoked again in case the crypto_root contains LVM2/EVMS partitions which real_root references. I currently use this improved linuxrc script to boot my full hard-disk encrypted Gentoo installs which use LUKS+LVM2.
Created attachment 100240 [details, diff] linuxrc.patch Patch to genkernel's linuxrc that adds improved LUKS encrypted root support. Already tested and used on my own systems.
Added to subversion
Created attachment 100335 [details, diff] linuxrc.patch (professional) I updated the code to be more in-line with the genkernel scripting style. Renamed the variable CRYPT_ROOT to LUKS_ROOT, since we're dealing with only LUKS devices. Also added the function startLUKS to handle the initialization of LUKS devices in a similar fashion as other system media. This patch is against generic/linuxrc of genkernel-3.4.1.
Created attachment 100336 [details, diff] initrd.scripts.patch (professional) Moved the LUKS initialization code into initrd.scripts where all the other media initialization functions reside, so as to follow the genkernel initrd scripting style. Created the function startLUKS to handle the initialization of LUKS devices. Added the old error-checking/error-messages that the origional LUKS code had. Since startVolumes can be called twice I added code to check if /dev/device-mapper exists AND /dev/mapper/control does not exist, to prevent needless recreation of the symbolic-link between the two. This patch is against generic/initrd.scripts of genkernel-3.4.1.
Comment on attachment 100240 [details, diff] linuxrc.patch Marked obsolete due to new "professional" patches.
Ehh... patches against 3.4.1 don't help much, since it means I have to edit everything by hand. Got a patch against 3.4.3 + your original patch, instead?
Created attachment 100405 [details, diff] linuxrc.patch (against genkernel rev 453) Professional linuxrc patch against genkernel svn -r 453.
Created attachment 100407 [details, diff] initrd.scripts.patch (against genkernel rev 450) Professional initrd.scripts patch against genkernel svn -r 450.
Updated with the newest patches... thanks...
Fixed in 3.4.4
Created attachment 100724 [details, diff] patch adding support for resuming from encrypted swap
Created attachment 100725 [details, diff] patch adding support for resuming from encrypted swap Since I needed support for an encrypted swap device to resume from, I added an additional parameter "crypt_swap", which, if set, opens the given device as "/dev/mapper/swap". By using "resume2=swap:/dev/mapper/swap" with "crypt_swap", one is able to resume from the encrypted swap device. (Of course, one has to configure the swap device and "/etc/conf.d/cryptfs" accordingly) In the course of adding support for this, I added the functionality to drop to a shell if cryptsetup fails. Alternatively, one may skip opening the particular device as well. Attached patch is against genkernel-3.4.4
OK. I've added this patch, too. Please open new bugs for any new patches.
