dm-crypt and boot process - Debian

This is a discussion on dm-crypt and boot process - Debian ; Hi, I've been very happy that the Etch installer supports dm-crypt out of the box. This is a wonderfully nice feature. Here's my gripe: it gets in the way of unattended boots. Let's say that you have /home as a ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: dm-crypt and boot process

  1. dm-crypt and boot process

    Hi,

    I've been very happy that the Etch installer supports dm-crypt out of the
    box. This is a wonderfully nice feature.

    Here's my gripe: it gets in the way of unattended boots. Let's say that you
    have /home as a separate encrypted filesystem on a given machine. You want
    the machine to be able to boot even if you aren't there -- say because the
    power goes out or something. But you have a passphrase for /home.

    You could set it up with a timeout in crypttab, but here's the rub... when
    you do that, and the timeout expires, the boot process halts. You have to
    sit at the console and give the root password, then /etc/init.d/cryptdisks
    start, then proceed.

    In a case like this, it seems desirable to have the boot process not be
    interrupted. If the machine boots without /home, I could at least ssh into
    it as root and fix that problem.

    As far as I can tell, there is no way in the installer to indicate this
    preference, and no way in fstab to specify that a failure to find the crypt
    device for a given filesystem should just be ignored, leaving that
    filesystem unmounted.

    So I haven't submitted a bug anywhere because I don't know where to do so, or
    if perhaps new code needs to be written to accommodate this scenario. Does
    anyone know?

    Thanks,

    -- John


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: dm-crypt and boot process

    On Wed, April 2, 2008 22:13, John Goerzen wrote:
    > I've been very happy that the Etch installer supports dm-crypt out of the
    > box. This is a wonderfully nice feature.
    >
    > Here's my gripe: it gets in the way of unattended boots.

    ....
    > So I haven't submitted a bug anywhere because I don't know where to do
    > so, or if perhaps new code needs to be written to accommodate this
    > scenario.


    Please submit a wishlist bug report against cryptsetup and I'll take a
    look at it.

    --
    David Härdeman


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

+ Reply to Thread