[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20180415232101.qhqjhdlwq4zkwvbf@hjlipp.my-fqdn.de>
Date: Mon, 16 Apr 2018 01:21:02 +0200
From: Hansjoerg Lipp <hjlipp@....de>
To: Gabriel C <nix.or.die@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] Passing luks passphrase from grub to systemd
Hello Gabriel,
On Mon, Apr 16, 2018 at 12:35:33AM +0200, Gabriel C wrote:
> 2018-04-15 21:06 GMT+02:00 Hansjoerg Lipp <hjlipp@....de>:
> > as I'm stuck with a (non-EFI x86_64) system with encrypted root
> > partition, I have to enter the passphrase twice (grub needs it for
> > getting the kernel etc., systemd needs it for mounting the root
> > partition). This can be quite inconvenient, especially if the passphrase
> > is long and contains special characters, and grub assumes a different
> > keyboard layout.
> > I therefore developed a proof of concept code allowing grub to pass the
> > passphrase to the kernel and systemd to get the passphrase from the
> > kernel. See the description and patch for the Linux part and the link to
> > all changes below.
>
> Somethng like this is not needed.
> All that is possible already from userspace.
>
> Systemd can do that on his own ( see systemd-cryptsetup-generator )
> ( other init ofc too ) assuming your initrd , cryptsetup and grub is
> setup correctly.
can this be done even if the /boot directory is located inside the
encrypted root partition? I'll have another look at this tomorrow as I'm
currently too tired. This would be really great news for me. (And I'd
have to wonder how I didn't get this right on my own... I already
learned a lot about the boot process doing this, and obviously I still
do not understand enough.)
Thank you for your quick response,
Hansjoerg
Powered by blists - more mailing lists