fai and cryptsetup

Michael Tautschnig mt at debian.org
Sun Sep 26 01:00:46 CEST 2010


Hi Patrick,

Thanks a lot for providing very detailed information.

[...]

> 
> Well, it would be a nice start to be able to specify a passphrase in the
> disk_config. Shouldn't be that hard, I guess.
> On the implementation side it's possible to feed the passphrase with the aid
> of yes to cryptsetup, e.g. something like this:
> 

Indeed, it was easy :-) - as of 4.0~beta2+experimental17 you should be able to
use

luks:"Your passphrase" / ...

instead of just "luks" to get a device encrypted with the passphrase of your
choice. The crypttab then has "none" for the keyfile name, which should make it
ask you for a passphrase at bootup. Big fat WARNING: this is untested, but
testing would be much appreciated :-)

[...]

> 
> It currently almost works. The freshly installed system now asks for the
> passphrase, accepts it and unlocks the rootdev. Unfortunately the initrd
> scripts don't seem to understand that it now has to re-initialize the
> LVM volume groups so that the rootdev is actually available.
> 

[...]

If you figure out how to make things work, please share your insights. Maybe we
can add some code to FAI to make it work out-of-the-box.

Hope this helps,
Michael
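
The message above says the generated crypttab carries "none" as the keyfile name so that the system asks for the passphrase at bootup. One way to check that on an installed system, as an added example that is not part of the original message or of FAI (the function names and the sample crypttab are constructed for illustration):

```shell
#!/bin/sh
# Added example: report how each crypttab mapping obtains its key.
# Field order per crypttab(5): <target> <source device> <key file> <options>

crypttab_key_mode() {
    # $1: path to a crypttab file; prints "<target> <mode>" for every mapping
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            key = (NF >= 3) ? $3 : "none"      # assumption: absent field means none
            if (key == "none" || key == "-")      mode = "prompt"
            else if (key ~ /^\/dev\/u?random$/)   mode = "random"
            else                                  mode = "keyfile"
            print $1, mode
        }
    ' "$1"
}

# Succeeds only if the named mapping will prompt for a passphrase at boot.
crypttab_requires_prompt() {
    # $1: crypttab path, $2: target name
    crypttab_key_mode "$1" | grep -Fqx "$2 prompt"
}

# Constructed sample input, not taken from a real installation.
sample_crypttab() {
    cat <<'EOF'
# <target>   <source>   <key file>          <options>
crypt_sda2   /dev/sda2  none                luks
crypt_swap   /dev/sda3  /dev/urandom        swap
crypt_data   /dev/sdb1  /etc/keys/data.key  luks
EOF
}

# Demo run on the constructed sample; use /etc/crypttab on a real system.
demo_file=$(mktemp)
sample_crypttab > "$demo_file"
crypttab_key_mode "$demo_file"
rm -f "$demo_file"
```
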
