fai and cryptsetup
Michael Tautschnig
mt at debian.org
Sun Sep 26 01:00:46 CEST 2010
Hi Patrick,
Thanks a lot for providing very detailed information.
[...]
>
> Well, it would be a nice start to be able to specify a passphrase in the
> disk_config. Shouldn't be that hard, I guess.
> On implementation side its possible to feed the passphrase with the aid
> of yes to cryptsetup, e.g. something like this:
>
Indeed, it was easy :-) - as of 4.0~beta2+experimental17 you should be able to
use
luks:"Your passphrase" / ...
instead of just "luks" to get a device encrypted with the passphrase of your
choice. The crypttab then has "none" for the keyfile name, which should make it
ask you for a passphrase at bootup. Big fat WARNING: this is untested, but
testing would be much appreciated :-)
[...]
>
> It currently almost works. Fresh installed system now asks for the
> passphrase, accepts it and unlocks the rootdev. Unfortunately the initrd
> scripts don't seem to understand that it now has to re-initialize the
> LVM volume groups so that the rootdev is actually available.
>
[...]
If you figure out how to make things work, please share your insights. Maybe we
can add some code to FAI to make it work out-of-the-box.
Hope this helps,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20100926/3181b7f3/attachment.bin
More information about the linux-fai
mailing list