[systemd-devel] systemd-encrypt is a little painful

[Lennart Poettering]

On Mo, 07.09.20 13:51, Kai Hendry (hendry at webconverger.com) wrote:

> Hi guys,
>
> After making https://www.youtube.com/watch?v=gh3jkIENmAM I'm
> thinking the install process could be a lot smoother if:
>
> somehow systemd could do the initramfs, i.e. take over mkinitcpio's
> hook role

Hmm, mkinitcpio? That's arch? Does that run systemd inside?

systemd works fine in an initrd. Fedora at least lets systemd run the
initrd (Dracut), and it just works.

> I don't understand why sd-encrypt can't autodiscover the cryto_LUKS
> root partition. Appending a line like: options rw
> rd.luks.name=device-UUID=cryptroot root=/dev/mapper/cryptroot

Hmm, what do you mean by "sd-encrypt"? What's that? There's no
component of that name in systemd upstream. Do you mean
systemd-cryptsetup?

systemd-gpt-auto-generator(8) should be able to automatically find the
root partition for you if you do not specify root=, if you use a boot
loader that communicates to the OS where the ESP was discovered, such
as sd-boot. This requires that the root partition is properly tagged
with the root type uuid for your arch, see the aforementioned man
page. This logic also supports LUKS encryption.

I presume "device-UUID" is not what you actually specify in your
kernel cmdline?

> Furthermore if you get the above line wrong, the emergency systemd
> shell appears completely useless. There is the 1m30s timeout that I
> can never escape, and the emergency shell is confusing and not fit
> for purpose in the sense of correcting the /dev/mapper/cryptroot
> address.

This smells like an issue with your initrd implementation, please ping
them for help.

> If these should be new issues or perhaps they are issues already, then do let me know.
> https://github.com/systemd/systemd/issues?q=sd-encrypt

Hm?

>
> Sidenote: would be cool if a basic en.network could be generated.

Generated, from what? When?

Lennart

--
Lennart Poettering, Berlin