kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

crypt: add rd.luks.allow-discards and honor options in crypttab 

also fixed the retry loop for rd.luks.key
master
Harald Hoyer 2012-05-31 11:46:10 +02:00
parent e04d02cc3a
commit 5ad3803dac
2 changed files with 67 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
dracut.cmdline.7.asc
View File

@ -191,6 +191,16 @@ crypto LUKS
LUKS UUID, so you don't have to specify the full UUID.
This parameter can be specified multiple times.

**rd.luks.allow-discards=**_<luks uuid>_::
Allow using of discards (TRIM) requests for LUKS partitions with the given UUID.
Any "luks-" of the LUKS UUID is removed before comparing to _<luks uuid>_.
The comparisons also matches, if _<luks uuid>_ is only the beginning of the
LUKS UUID, so you don't have to specify the full UUID.
This parameter can be specified multiple times.

**rd.luks.allow-discards::
Allow using of discards (TRIM) requests on all LUKS partitions.

**rd.luks.crypttab=0**::
do not check, if LUKS partition is in _/etc/crypttab_


71
modules.d/90crypt/cryptroot-ask.sh
View File

@ -32,9 +32,12 @@ else
device="$1"
fi

# number of tries
numtries=${3:-10}

# TODO: improve to support what cmdline does
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
while read name dev luksfile rest; do
while read name dev luksfile luksoptions; do
# ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue
@ -57,17 +60,59 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
fi
fi
done < /etc/crypttab
unset name dev rest
unset name dev
fi

#
# Open LUKS device
#

info "luksOpen $device $luksname $luksfile"
info "luksOpen $device $luksname $luksfile $luksoptions"

OLD_IFS="$IFS"
IFS=,
set -- $luksoptions
IFS="$OLD_IFS"

while [ $# -gt 0 ]; do
case $1 in
noauto)
# skip this
exit 0
;;
swap)
# skip this
exit 0
;;
tmp)
# skip this
exit 0
;;
allow-discards)
allowdiscards="--allow-discards"
esac
shift
done

# parse for allow-discards
if strstr "$(cryptsetup --help)" "allow-discards"; then
if discarduuids=$(getargs "rd.luks.allow-discards"); then
if strstr " $discarduuids " " ${luksdev##luks-}"; then
allowdiscards="--allow-discards"
fi
elif getargbool rd.luks.allow-discards; then
allowdiscards="--allow-discards"
fi
fi

if strstr "$(cryptsetup --help)" "allow-discards"; then
cryptsetupopts="$cryptsetupopts $allowdiscards"
fi

unset allowdiscards

if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
if cryptsetup --key-file "$luksfile" luksOpen "$device" "$luksname"; then
if cryptsetup --key-file "$luksfile" $cryptsetupopts luksOpen "$device" "$luksname"; then
ask_passphrase=0
fi
else
@ -76,26 +121,22 @@ else
keydev="${tmp%%:*}"
keypath="${tmp#*:}"
else
if [ $# -eq 3 ]; then
if [ $3 -eq 0 ]; then
info "No key found for $device. Fallback to passphrase mode."
if [ $numtries -eq 0 ]; then
warn "No key found for $device. Fallback to passphrase mode."
break
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else
info "No key found for $device. Will try later."
fi
sleep 1
info "No key found for $device. Will try $numtries time(s) more later."
initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@"
$(command -v cryptroot-ask) "$device" "$luksname" "$(($numtries-1))"
exit 0
fi
unset tmp

info "Using '$keypath' on '$keydev'"
readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - luksOpen "$device" "$luksname"
| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"
unset keypath keydev
ask_passphrase=0
break
@ -103,7 +144,7 @@ else
fi

if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen"
luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen"
ask_for_password --ply-tries 5 \
--ply-cmd "$luks_open -T1 $device $luksname" \
--ply-prompt "Password ($device)" \