[systemd-devel] How to express that a device listed in /etc/crypttab depends on a mount point

Lennart Poettering lennart at poettering.net
Fri Sep 27 11:49:11 UTC 2024


On Mi, 25.09.24 20:55, Andrei Borzenkov (arvidjaar at gmail.com) wrote:

> > A user has /home in a different encrypted partition via pcrlock. After
> > the initrd, during the normal boot process, the systemd-cryptsetup
> > generator is reading this file to open the devices in /dev/mapper/$name.
> > But this is happening before /var gets mounted, and this contains the
> > pcrlock.json file required to unlock the home device.
> >
> > Is there a way to indicate this dependency for the generator, as a
> > "RequiresMountsFor=" for .mount services or x-systemd.requires= in
> > fstab?
>
> This dependency only exists for pcrlock and only if there are reasons to
> have pcrlock.json in /var and not in /etc by default.

It's not a configuration file, it doesn't belong in /etc/. And that
wouldn't help you if you want encrypted configuration (i.e. an
encrypted root) which I am pretty sure is quite desirable, because
that means a copy of the pcrlock data must be propagated into the
initrd, if pcrlock on rootfs is desired.

Lennart

--
Lennart Poettering, Berlin

