[systemd-devel] [PATCH] cryptsetup-generator: support rd.luks.key=keyfile:keyfile_device

Lennart Poettering lennart at poettering.net
Fri Apr 24 02:06:36 PDT 2015


On Thu, 23.04.15 21:04, Dimitri John Ledkov (dimitri.j.ledkov at intel.com) wrote:

> On 23 April 2015 at 13:08, Lennart Poettering <lennart at poettering.net> wrote:
> > On Thu, 23.04.15 19:33, Andrei Borzenkov (arvidjaar at gmail.com) wrote:
> >
> >> > > > What does this actually do? Is the specified key file read from the
> >> > > > specified device?
> >> > >
> >> > > It reads keyfile from filesystem on device identifed by keyfile_device.
> >> > >
> >> > > >                  The order of keyfile:device sounds weird, no?
> >> > > > Shouldn't it be the other way round?
> >> > > >
> >> > >
> >> > > keyfile is mandatory, keyfile_device is optional and can be omitted. I
> >> > > believe dracut looked at all existing devices then. This order makes
> >> > > it easier to omit optional parameter(s).
> >> >
> >> > Well, whether it is [device:]file or file[:device] is hardly any
> >> > difference for the parser...
> >>
> >> Does it really matter?
> >
> > Well, we might as well implement this in the most obvious way if it is
> > not a completely standard feature yet. To me it appears that only one
> > initrd supported it, and it lost it a while back without too much
> > complaining...
> >
> > But anyway, I don't mind too much. The
> >
> 
> debian's initramfs-tools, but not ubuntu's, support keyfile on
> usb-disk for unlocking luks volumes.
> 
> the exact name of the option and semantics to specify it to
> initramfs-tools is different from dracut's (but that's typical) but
> said equivalent feature does exist in the major other initramfs
> implementation.

What's the syntax of Debian's initrd for this?

I mean, if their syntax makes more sense, we might standardise on theirs...

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list