Old 03-26-2015, 08:29 PM   #1
michaelslack
Member
 
Registered: Feb 2013
Location: Sydney
Distribution: slackware
Posts: 110

Rep: Reputation: 36
Can mkinitrd unlock an encrypted device identified by uuid?


Dear slackers,

For a year or so now (well, since the release of 14.1 I guess) I have had my main work system as slackware 14.1 on a portable usb 3.0 drive. Since it's easy to lose this it is encrypted according to the section "Combining LUKS and LVM" on README_CRYPT.TXT from the top directory of the slackware tree.

A few extra things were needed which are summarised in the mkinitrd command I used:

Code:
mkinitrd -c -k 3.10.17-smp -f ext4 -r /dev/cryptvg/root -m hid_generic:usb-storage:xhci-hcd:ehci-hcd:ehci-pci:ext4:hid-logitech-dj:hid-microsoft:uhci-hcd:usbhid -C /dev/sdb2 -w 5 -h /dev/cryptvg/swap -L -u -o /boot/initrd-5sec.gz

I've included extra modules there for usb keyboards so I can enter the passphrase etc. But the thing I'm mainly concerned with is the

Code:
-C /dev/sdb2

part. That's what tells it to unlock /dev/sdb2 using cryptsetup so the root filesystem can be accessed.

This works fine, although luckily all the machines I boot it with only have a single disk, so the usb disk is always allocated /dev/sdb.

What I would *ideally* like to do is refer to the disk by its uuid instead of /dev/sdb. However I haven't been able to work out how to do this. There are various threads discussing doing this with an unencrypted usb disk (by adding things to /etc/fstab) but in the encrypted case I believe it has to happen at this stage.

It was a while ago since I tried this, but from memory one problem was that in the initrd filesystem there was no /dev/disk/by-uuid (although from memory I think there was /dev/disk/by-label, although the funny characters in the labels disagreed with mkinitrd I think); this I found out by exploring at the prompt that was offered during boot when the root filesystem couldn't be found. I tried putting a larger -w value on the mkinitrd command line but it was never populated no matter how long I asked it to wait.

A workaround is to create a different initrd for each possibility (sdb,sdc,sdd, etc) and then (hopefully) select the right one at the boot screen. However it would be nicer to use uuid (my current motivation is that I've just ordered a machine with 4 disks).

Does anyone know if this is (or isn't) possible?

Many thanks,

Michael

Last edited by michaelslack; 03-26-2015 at 11:18 PM.
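Added example (not part of the thread and not Slackware's mkinitrd code): one way an initrd script could turn a LUKS UUID into a device node before calling cryptsetup, by parsing `blkid` output instead of relying on /dev/disk/by-uuid. The function names, the mapping name and the sample lines are constructed for illustration, and it assumes the initrd's blkid prints a TYPE field.

```shell
#!/bin/sh
# Constructed sample of blkid-style output (not taken from a real system).
sample_blkid() {
    cat <<'EOF'
/dev/sda1: UUID="7a3e5d10-0000-4000-8000-000000000001" TYPE="ext4"
/dev/sdb1: LABEL="DATA" UUID="9B2C-11F0" TYPE="vfat"
/dev/sdc2: UUID="2f1c8e44-0000-4000-8000-0000000000c2" TYPE="crypto_LUKS"
EOF
}

# Read blkid-style lines on stdin and print the one device whose UUID matches
# $1 and whose TYPE is crypto_LUKS.
# Exit 1: no match. Exit 2: more than one match (e.g. a cloned disk), in which
# case nothing is printed so the caller never unlocks a guessed device.
resolve_luks_uuid() {
    [ -n "$1" ] || return 1
    awk -v want="$1" '
    {
        dev = $1; sub(/:$/, "", dev); uuid = ""; type = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^UUID=/) { uuid = $i; gsub(/^UUID="|"$/, "", uuid) }
            if ($i ~ /^TYPE=/) { type = $i; gsub(/^TYPE="|"$/, "", type) }
        }
        if (type == "crypto_LUKS" && tolower(uuid) == tolower(want)) found[++n] = dev
    }
    END {
        if (n == 1) { print found[1]; exit 0 }
        if (n == 0) { print "no LUKS device with UUID " want > "/dev/stderr"; exit 1 }
        print "UUID " want " matches " n " devices, refusing to guess" > "/dev/stderr"
        exit 2
    }'
}

# How the initrd step could use it (assumption: mapping name luks<device>).
# Defined only; it is not run here because it needs root and a real device.
unlock_by_uuid() {
    dev=$(blkid | resolve_luks_uuid "$1") || return 1
    cryptsetup luksOpen "$dev" "luks$(basename "$dev")"
}

# Demo on the constructed sample; UUID comparison is case-insensitive.
sample_blkid | resolve_luks_uuid "2F1C8E44-0000-4000-8000-0000000000C2"
```

Matching on TYPE as well as UUID keeps an unencrypted partition from being handed to cryptsetup, and the duplicate check matters on machines where a cloned copy of the drive may be attached.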
 
Old 03-27-2015, 06:04 AM   #2
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,901

Rep: Reputation: 5025
Don't know whether the patches resulting from this discussion still apply, but for what it's worth...

http://www.linuxquestions.org/questi...4/#post4629119

It seemed like a good idea to me, don't know why it was never adopted into slackware proper.
 
Old 03-27-2015, 04:26 PM   #3
michaelslack
Member
 
Registered: Feb 2013
Location: Sydney
Distribution: slackware
Posts: 110

Original Poster
Rep: Reputation: 36
Thanks GazL, that thread certainly discusses the exact same issue. It would certainly be a good idea to add that capability.

Another possibility comes to mind. In the README_CRYPT.TXT it also mentions the possibility of compiling a kernel with all the desired capabilities "built in" (i.e. not added as modules). This would avoid the need to use an initrd in the first place. I wonder though how does the kernel go about unlocking the correct device? Does it just scan all available devices? How is lilo then configured?

Cheers,

Michael
 
Old 03-28-2015, 06:01 AM   #4
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,901

Rep: Reputation: 5025
To the best of my knowledge, it doesn't. You can build the necessary modules into the kernel for encryption to work without having to include the modules in the initrd, but if you have an encrypted root filesystem, or a rootfs on lvm, you're still going to need an initrd to run cryptsetup and/or vgscan/vgchange -ay to make it accessible during boot.
 