cryptsetup-generator: introduce basic keydev support

System Internals / systemd - Michal Sekletar [redhat.com] - 4 September 2018 14:54 EDT

Dracut has a support for unlocking encrypted drives with keyfile stored on the external drive. This support is included in the generated initrd only if systemd module is not included.

When systemd is used in initrd then attachment of encrypted drives is handled by systemd-cryptsetup tools. Our generator has support for keyfile, however, it didn't support keyfile on the external block device (keydev).

This commit introduces basic keydev support. Keydev can be specified per luks.uuid on the kernel command line. Keydev is automatically mounted during boot and we look for keyfile in the keydev mountpoint (i.e. keyfile path is prefixed with the keydev mount point path). After crypt device is attached we automatically unmount where keyfile resides.

Example: rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV

70f5f48eb cryptsetup-generator: introduce basic keydev support
man/systemd-cryptsetup-generator.xml | 14 +++++
src/cryptsetup/cryptsetup-generator.c | 105 ++++++++++++++++++++++++++++++++--
2 files changed, 115 insertions(+), 4 deletions(-)

Upstream: github.com


  • Share