From: Mr Dash Four <mr.dash.four-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
To: "Amadeusz Żołnowski" <aidecoe-2qtfh70TtYba5EbDDlwbIw@public.gmane.org>
Cc: initramfs <initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH] 90crypt: keys on external devices support
Date: Wed, 20 Oct 2010 16:37:07 +0100 [thread overview]
Message-ID: <4CBF0CA3.1070801@googlemail.com> (raw)
In-Reply-To: <1287586242-sup-9146@etiriah>
> rd.luks.key=<key_path>:<key_dev>:<key_dev_fs>:<luks_dev>
>
I still think the reversed form makes it better (when you look for a
file you first look for a device, then a directory and then the file
itself, not the other way around), but you are the rd.luks.key expert so
it is up to you really how you are going to organise it. :-)
That's my two pence worth.
> But would be cool if you get idea how to do it without extra configs
> from outside. Maybe it's possible to perform some settings guesses on
> run-time?
>
I'll see what I can do - there are (at least) two additional processes
which need to be running (that is it in addition to
pkcs11-tool/pkcs15-tool which is responsible for fetching the key data
from the token itself) and they are all dependant on what is in those
two config files as that would require different modules (.ko files) to
be loaded in order for this operation to succeed.
I have to spend some time and determine what I can leave out (i.e. run a
bare-bones system configuration and start from there). As of right now,
my hunch is that it *may* be possible to specify some core parameters to
be included as part of the rd.luks.token syntax, but I am not at all
sure if that is going to be enough - further analysis is needed, which I
would probably do over the weekend when I have more time (I am not a
student as you, unfortunately ;-) ) ...
>> One other query related to this: if I want to use crypttab for my root
>> (/) partition how is that handled by dracut?
>>
>
> Password support only for now, but I'm gonna extended it.
>
That is the problem though - there is no way you can have crypttab for
root as there is nowhere to put it in, other than outside initrd or
hard-code it in initrd in which case once there it cannot be changed.
For all other partitions the solution is simple - use root, but for
(encrypted) root itself the options are rather limited.
next prev parent reply other threads:[~2010-10-20 15:37 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-19 13:54 [PATCH] 90crypt: keys on external devices support Mr Dash Four
[not found] ` <4CBDA328.40401-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-19 14:19 ` Amadeusz Żołnowski
2010-10-19 14:33 ` Mr Dash Four
[not found] ` <4CBDAC3D.7050906-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 1:24 ` Mr Dash Four
[not found] ` <4CBE44D3.6070000-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 14:12 ` Amadeusz Żołnowski
2010-10-20 14:44 ` Mr Dash Four
[not found] ` <4CBF004F.9070201-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 15:17 ` Amadeusz Żołnowski
2010-10-20 15:37 ` Mr Dash Four [this message]
[not found] ` <4CBF0CA3.1070801-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 16:51 ` Amadeusz Żołnowski
2010-10-21 13:29 ` Karel Zak
[not found] ` <20101021132916.GC22186-sHeGUpI7y9L/9pzu0YdTqQ@public.gmane.org>
2010-10-21 13:54 ` Mr Dash Four
[not found] ` <4CC0462E.20507-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-21 15:18 ` Karel Zak
[not found] ` <20101021151802.GD22186-sHeGUpI7y9L/9pzu0YdTqQ@public.gmane.org>
2010-10-21 15:48 ` Mr Dash Four
[not found] ` <4CC060B3.3050508-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 16:40 ` Amadeusz Żołnowski
2010-10-22 18:34 ` Karel Zak
2010-10-20 13:19 ` Amadeusz Żołnowski
2010-10-20 14:06 ` Mr Dash Four
[not found] ` <4CBEF768.90908-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 14:25 ` Amadeusz Żołnowski
2010-10-20 14:48 ` Mr Dash Four
[not found] ` <4CBF0133.2070709-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 15:26 ` Amadeusz Żołnowski
2010-10-20 15:39 ` Mr Dash Four
2010-10-22 11:50 ` Mr Dash Four
[not found] ` <4CC17A87.7050804-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 17:07 ` Amadeusz Żołnowski
2010-10-23 15:13 ` Mr Dash Four
2010-10-22 11:35 ` dracut Mr Dash Four
[not found] ` <4CC17713.4030504-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 17:13 ` dracut Amadeusz Żołnowski
2010-10-26 11:09 ` dracut Harald Hoyer
[not found] ` <4CC6B6E5.50402-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-10-26 11:23 ` dracut Amadeusz Żołnowski
2010-10-26 11:36 ` dracut Mr Dash Four
2010-10-26 11:26 ` dracut Mr Dash Four
[not found] ` <4CC6BB02.9040901-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-29 21:40 ` dracut Mr Dash Four
2010-10-30 7:57 ` dracut Ambroz Bizjak
[not found] ` <AANLkTinO0edPay_HxUW93Dm2PpHkchxKDC1yezhV-u2K-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2010-10-30 11:18 ` dracut Mr Dash Four
-- strict thread matches above, loose matches on Subject: below --
2010-07-13 17:14 [PATCH] 90crypt: keys on external devices support Amadeusz Żołnowski
2010-07-21 11:41 ` Harald Hoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CBF0CA3.1070801@googlemail.com \
--to=mr.dash.four-gm/ye1e23mwn+bqq9rbeug@public.gmane.org \
--cc=aidecoe-2qtfh70TtYba5EbDDlwbIw@public.gmane.org \
--cc=initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.