git.ipfire.org Git - thirdparty/systemd.git/commit - src/cryptsetup/cryptsetup-generator.c

author	Michal Sekletar <msekleta@redhat.com>
	Thu, 30 Aug 2018 08:45:11 +0000 (08:45 +0000)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 4 Sep 2018 14:54:53 +0000 (16:54 +0200)
commit	70f5f48eb891b12e969577b464de61e15a2593da
tree	b7a3192f39c093e9b7f7899c8659a642e6b511b0	tree \| snapshot
parent	b711aee08f9406175ae61244fd186bd5c0969817	commit \| diff

cryptsetup-generator: introduce basic keydev support

Dracut has a support for unlocking encrypted drives with keyfile stored
on the external drive. This support is included in the generated initrd
only if systemd module is not included.

When systemd is used in initrd then attachment of encrypted drives is
handled by systemd-cryptsetup tools. Our generator has support for
keyfile, however, it didn't support keyfile on the external block
device (keydev).

This commit introduces basic keydev support. Keydev can be specified per
luks.uuid on the kernel command line. Keydev is automatically mounted
during boot and we look for keyfile in the keydev
mountpoint (i.e. keyfile path is prefixed with the keydev mount point
path). After crypt device is attached we automatically unmount
where keyfile resides.

Example:
rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV

man/systemd-cryptsetup-generator.xml		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup-generator.c		diff \| blob \| blame \| history