UUID= syntax not recognized by cryptsetup in initrd LUKSDEV
slackware-13.37.
What I'm trying to do is create a USB flash drive which can boot regardless of the drive letter it's assigned. The tty copy below shows that during a boot, cryptsetup isLuks says yes to "cryptsetup isLuks /dev/sdb3" but the same test fails if UUID= syntax is used.
/ # cryptsetup isLuks UUID="fa649b04-5ede-496f-9168-331161a2b833"
Device UUID=fa649b04-5ede-496f-9168-331161a2b833 doesn't exist or access denied
but that's the right UUID for the same /dev/sdb3. I can't use /dev/disk/by-uuid/foo because there's no /dev/disk at that stage of the boot. Changing the mkinitrd -C from UUID=foo to /dev/sdb3 gives me a working boot stick but only if the drive's /dev/sdb.
I upgraded my 13.37 cryptsetup on the stick from 1.2.0 to 1.4.1 but that didn't change anything. Is there a module I need to load to enable that syntax recognition, perhaps?
tty log:
Code:
[ 6.724952] sdb: sdb1 sdb2 sdb3 |
http://pastebin.com/vKzYGbHL is a script to create the bootable stick, as far as I've got it. It's been working fine to create a stick that will come up if it's allocated /dev/sdb, or one that will come up if it's allocated /dev/sdc, but the right answer is to eliminate the drive letters and recognize the drive directly. I'm going to have to auto-edit /etc/fstab as well, when I get that far.
I have it in mind that I'm moving a step beyond people showing each other their desktop as a graphic, toward giving each other a full installation. And it makes a pretty good hot backup too. As for fixing my problem, I've read http://www.bluelife.at/blog/articles..._on_USB_Stick/ twice and I expect it's the way to do it but I've not understood what I've read so far. I'll try again. |
From reading the blog I referenced earlier, I think the init script in mkinitrd needs to treat LUKSDEV the same as ROOTDEV's treated here:
Code:
luksdev=/dev/*)
Code:
LUKSLIST_DEFERRED="" |
What does your fstab look like? Also is your luks encrypted disk showing up in /dev/mapper?
I have been playing around with luks encrypted volumes today and this is what my /etc/fstab looks like, mind you I'm using centos.
Code:
#
Also on centos my /etc/crypttab looks like this:
Code:
mntcrypt /dev/disk/by-uuid/bf2e807f-fe92-461b-9cde-a19fdd38e034 none |
I ought to have looked before I wrote that about fstab - you're quite right, it has no specific references:
Code:
/dev/jhv/swap swap swap defaults 0 0
When I've got it tested I'll add it to the thread, there's been days with no spare hours since I started it. |
What do they do with Slax? You might be able to do something similar as they do there?
|
It takes a while to find sufficient time to check but I now reckon this works. I can boot my USB stick whether it's /dev/sdb or /dev/sdc and the distinction is made at boot time.
13.37 Slackware /boot/initrd-tree/init
Code:
bash-4.1# cat init.diff
I note that alienBOB's existing slackware-13.37/README_CRYPT.TXT already allows the main drive to have just one LVM partition on it and nothing else, and to put /boot and (on a vfat partition) the --key-file onto a USB flash drive which can be inserted just to boot and removed before logging in. That's how I'd been running my laptop. This change to /boot/initrd-tree/init now lets me carry a bootable USB flash drive with the LVM partition on it as well, and use it on a range of host PCs. |
Quote:
Code:
98a99,101 |
Adding UUID support to LUKSDEV is definitely a nice idea, but it's not quite as simple as the above.
Since the addition of support for the unlocking of multiple luks devices in the initrd, LUKSDEV is now a colon delimited list of devices to be unlocked (though most people don't use this feature). We need to allow for:
luksdev=UUID=wibble-wibble-wibble:UUID=wobble-wobble-wobble
or
luksdev=/dev/sda3:UUID=wibble-wibble-wibble
...and so on.
Also in theory some of these may not be available for findfs to find in the first pass, such as LVM LVs that won't become visible until after the vgscan (that's what the deferred bit is all about), so we need a little extra logic.
I've not tested this, and it's only the work of a few minutes so treat with caution, but I think it'll be about right:
Code:
gazl@slackbox:/tmp/mkinitrd$ diff -u init.orig init |
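The two-pass handling described in the post above (a colon-delimited luksdev list mixing /dev paths and UUID= entries, with unresolved entries deferred until after vgscan), as an added example that is neither the patch from this thread nor Slackware's init code. The names RESOLVER, dev_exists, resolve_luks_list, retry_deferred, fake_findfs and the sample UUIDs are assumptions; findfs is the real tool that maps UUID=... to a device node.

```shell
# Added example; all function and variable names here are hypothetical.
: "${RESOLVER:=findfs}"        # findfs maps UUID=... to a device node
dev_exists() { [ -b "$1" ]; }  # plain /dev paths must be block devices
LUKS_READY=""      # nodes that can be handed to cryptsetup now
LUKS_DEFERRED=""   # specs not visible yet (e.g. LVs before vgscan)

# resolve_luks_list "spec[:spec...]" where spec is /dev/... or UUID=...
resolve_luks_list() {
  LUKS_DEFERRED=""
  old_ifs=$IFS; IFS=:; set -f          # split on ':' only, no globbing
  for spec in $1; do
    IFS=$old_ifs; dev=""
    case "$spec" in
      "")     continue ;;
      UUID=*) dev=$("$RESOLVER" "$spec" 2>/dev/null) || dev="" ;;
      /dev/*) if dev_exists "$spec"; then dev=$spec; fi ;;
      *)      echo "luksdev: ignoring '$spec'" >&2; continue ;;
    esac
    if [ -n "$dev" ]; then
      LUKS_READY="${LUKS_READY:+$LUKS_READY }$dev"
    else
      LUKS_DEFERRED="${LUKS_DEFERRED:+$LUKS_DEFERRED }$spec"
    fi
  done
  IFS=$old_ifs; set +f
}

# Second pass: call after vgscan/vgchange has made LVs visible.
retry_deferred() {
  resolve_luks_list "$(printf '%s' "$LUKS_DEFERRED" | tr ' ' ':')"
}

# Constructed stand-ins (sample UUIDs, fake lookup) so this runs without disks.
fake_findfs() {
  case "$1" in
    UUID=aaaa-1111) echo /dev/sdb3 ;;
    UUID=bbbb-2222) [ "$LVM_UP" = 1 ] && echo /dev/vg/crypt ;;
    *) return 1 ;;
  esac
}
demo() {
  RESOLVER=fake_findfs; LVM_UP=0; LUKS_READY=""
  dev_exists() { [ "$1" = /dev/sda1 ]; }
  resolve_luks_list "/dev/sda1:UUID=aaaa-1111:UUID=bbbb-2222"
  echo "pass 1 ready=[$LUKS_READY] deferred=[$LUKS_DEFERRED]"
  LVM_UP=1; retry_deferred
  echo "pass 2 ready=[$LUKS_READY] deferred=[$LUKS_DEFERRED]"
}
demo
```

Because each list entry is classified on its own after the split, the order of /dev and UUID= entries in the parameter does not matter.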
I'm surprised, I thought the line
Code:
for LUKSDEV in $LUKSLIST ; do |
You're right John, it does, but I was referring to that first hunk in the patch outside of the for-loop which wouldn't have behaved correctly to a luksdev parameter such as
luksdev=/dev/sda1:UUID=123-456-789 because it wouldn't have matched the "luksdev=UUID=*" pattern in the 'case' statement. Although that is probably somewhat of a corner case, it's wise to try and cover all the bases. |
Either case matching selects the whole single string for processing, whether the /dev or the /UUID comes first in the list.
eta: I'm sorry, that sounded like point-scoring and it's not meant to be, that's how I discuss code at reviews whether it's mine or someone else's. I'm grateful for the analysis. |
Quote:
And don't worry. I didn't take it as point-scoring. If I've missed something I'd rather people tell me. Thanks for pointing it out. |