Well after coming back to look at the problem again I came up with a reasonable work around. Thought I'd post it here for the benefit of others as this post is now the first hit for "serial console luks passphrase" on Google.
From looking into the Serial Console Howto it does indeed seem to be a known issue;
http://tldp.org/HOWTO/Remote-Serial-...s-monitor.html
When you pass the parameters
Code:
console=tty0 console=ttyS0,38400n8
to the kernel, the last defined console device is the only one capable of receiving input and therefore the LUKS passphrase. In the above example that would be the serial console. Fine for the few occasions I restart the server as I can use my serial connected desktop to enter the passphrase.
To allow you to also enter the passphrase on the physical console you simply need to pass the parameters the other way round;
Code:
console=ttyS0,38400n8 console=tty0
However, with this setup you can't enter the passphrase on the serial console; you must have a keyboard and monitor attached instead.
On a Debian system you can use the
defoptions and
altoptions in grub to automatically set this up.
In the file /boot/grub/menu.lst change the line
to
Code:
# defoptions= console=tty0 console=ttyS0,38400n8
This means that all future kernels will be created with the serial console parameters. The LUKS passphrase will be expected on the serial console.
Now also change the lines;
Code:
# altoptions=(Single-User Mode) single
to
Code:
# altoptions=(Use Physical Console) console=ttyS0,38400n8 console=tty0
# altoptions=(Single-User Mode) single
Debian normally creates a single user boot option by default. In the above example we're also setting it to create another boot options with priority to the physical console. The passphrase is expected on the attached keyboard.
Now when you run update-grub it will create three boot options for each installed kernel; like so
Code:
title Debian GNU/Linux, kernel 2.6.18-6-686
root (hd0,0)
kernel /vmlinuz-2.6.18-6-686 root=/dev/mapper/fenris-root ro console=tty0 console=ttyS0,38400n8
initrd /initrd.img-2.6.18-6-686
savedefault
title Debian GNU/Linux, kernel 2.6.18-6-686 (Use Physical Console)
root (hd0,0)
kernel /vmlinuz-2.6.18-6-686 root=/dev/mapper/fenris-root ro console=ttyS0,38400n8 console=tty0
initrd /initrd.img-2.6.18-6-686
savedefault
title Debian GNU/Linux, kernel 2.6.18-6-686 (Single-User Mode)
root (hd0,0)
kernel /vmlinuz-2.6.18-6-686 root=/dev/mapper/fenris-root ro single
initrd /initrd.img-2.6.18-6-686
savedefault
The first (and default one automatically select by the timeout) will take the LUKS passphrase from the serial console. On the rare occasion you start with a physical console attched you can select the second option. The single user mode is kept for emergencies.
You can use
defoptions and
altoptions to automatically add any kernel parameters to newly created kernels, so you could also add things like vga=791. Additionally, it seems to can have numerous
altoptions configurations.
Hope that helps someone.
