On Wed, Mar 14, 2012 at 1:53 AM, Matthew Monaco <dgbale...@0x01b.net> wrote: > On 03/13/2012 07:46 PM, Tom Gundersen wrote: >> However, patch 3 (implementing the FS) has an issue (which is the >> reason this has not been implemented yet). That is, it will not work >> as expected if /var is encrypted. > > This is why prior to cryptsetup is just an attempt. If that isn't possible, > then > it's still performed in the same spot as before.
Yeah, your approach is strictly speaking better than what we have now, and if there was no other way I'd go with it. However, since it still leaves out one usecase (encrypted /var + encrypted swap) that can be fixed by reshuffling the crypttab stuff a bit, I'd rather we do that. -t
