From: Harald Hoyer <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Benjamin Kingston <list-ses8GfRmtAZWzAuRflr9/A@public.gmane.org>
Cc: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: Ignore or blacklist a disk from being brought up on boot
Date: Tue, 27 Aug 2013 11:13:37 +0200
Message-ID: <521C6DC1.1010702@redhat.com>
In-Reply-To: <CAHA1JWJpei_FU-2RRZpGdQV7aBCoC=Eud9BgWcFgh=KM0qAcLA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On 08/26/2013 04:03 PM, Benjamin Kingston wrote:
> One more thing to add. There is a systemd target in
> /etc/systemd/system that mentions the ext4 filesystem on the pin
> protected flash drive by uuid
>
> On Mon, Aug 26, 2013 at 6:13 AM, Benjamin Kingston <list-ses8GfRmtAZWzAuRflr9/A@public.gmane.org> wrote:
>> My commandline is as follows:
>> BOOT_IMAGE=/vmlinuz-3.10.9-200.fc19.x86_64
>> root=UUID=b5855018-5b09-4cbd-a7fc-0516dd5e7a0a ro
>> rd.lvm.vg.uuid=gK6vvj-uE7w-E6i0-nZOr-WtbN-cJbJ-gxd82v rd.dm=0
>> rd.luks.uuid=luks-770c95fa-3ce3-4908-a491-8710d679fa68
>> rd.md.uuid=613e00b8:220a6e5b:0caa4d15:e981bbb1
>> rd.md.uuid=01f167fc:5607540d:b2274dec:482834f2 vconsole.keymap=us
>> rd.fips fips=0 intel_iommu=pt rhgb quiet LANG=en_US.utf8
>>
>> The disk never gets mounted to my knowledge. When booted, autofs
>> mounts the disk in /mnt/usb/boot and the /boot folder is a symlink
>> that points there. Inside the initramfs this is duplicated (/boot
>> symlink to /mnt/usb/boot), which contains the encryption keyfile.
>>
>> On Sun, Aug 25, 2013 at 11:23 PM, Harald Hoyer <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>>> On 08/26/2013 12:58 AM, Benjamin Kingston wrote:
>>>> I have my boot partition on a pin protected flash drive and have
>>>> embedded the encryption keyfile for my filesystem in my initramfs
>>>> image to automate unlocking my computer with just the flash pin. The
>>>> issue with this comes when generating the initramfs through dracut,
>>>> because the boot disk is mounted and listed in /proc/self/mountinfo
>>>> and gets a systemd entry that requires it to be brought online.
>>>>
>>>> Since the keyfile is embedded in the image in ram the boot disk is not
>>>> needed to be brought online, but since the USB is reset, this requires
>>>> me to enter the pin on the flash drive a second time, just to unlock
>>>> the volume to satisfy systemd.
>>>>
>>>> Is there a way to ignore a particular device when running dracut, or
>>>> at least change its timeout and systemd status to not be boot
>>>> affecting?
>>>
>>>
>>> What is your kernel cmdline?
>>> Where is the disk mounted in the initramfs?
>>>
Why did you specify rd.fips and probably include the fips module?
Just to get /boot mounted?