Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   dm-crypt and boot process (http://www.linux-archive.org/debian-development/63044-dm-crypt-boot-process.html)

John Goerzen 04-02-2008 08:13 PM

dm-crypt and boot process
 
Hi,

I've been very happy that the Etch installer supports dm-crypt out of the
box. This is a wonderfully nice feature.

Here's my gripe: it gets in the way of unattended boots. Let's say that you
have /home as a separate encrypted filesystem on a given machine. You want
the machine to be able to boot even if you aren't there -- say because the
power goes out or something. But you have a passphrase for /home.

You could set it up with a timeout in crypttab, but here's the rub... when
you do that, and the timeout expires, the boot process halts. You have to
sit at the console and give the root password, then /etc/init.d/cryptdisks
start, then proceed.

In a case like this, it seems desirable to have the boot process not be
interrupted. If the machine boots without /home, I could at least ssh into
it as root and fix that problem.

As far as I can tell, there is no way in the installer to indicate this
preference, and no way in fstab to specify that a failure to find the crypt
device for a given filesystem should just be ignored, leaving that
filesystem unmounted.

So I haven't submitted a bug anywhere because I don't know where to do so, or
if perhaps new code needs to be written to accommodate this scenario. Does
anyone know?

Thanks,

-- John


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

David Härdeman 04-03-2008 07:04 AM

dm-crypt and boot process
 
On Wed, April 2, 2008 22:13, John Goerzen wrote:
> I've been very happy that the Etch installer supports dm-crypt out of the
> box. This is a wonderfully nice feature.
>
> Here's my gripe: it gets in the way of unattended boots.
...
> So I haven't submitted a bug anywhere because I don't know where to do
> so, or if perhaps new code needs to be written to accommodate this
> scenario.

Please submit a wishlist bug report against cryptsetup and I'll take a
look at it.

--
David Härdeman


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 07:37 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.