Hi tpowa, hi rest of ML,
I hacked the mkinitrd script to support luks volumes (as Judd added the
new cryptsetup to [current]/initrd) and resume from suspend2. It's not
perfect yet and at the time of this writing, it is completely untested.
Anyway, I'll post the diff here, so you can have a look. I hope
attachments are ok on ML
Suspend2 setup works like this:
SUSPEND2_DEVICE=swap:/dev/hda2
for swapwriter, with swap on hda2
SUSPEND2_CRYPT_DEVICE=/dev/hda2
SUSPEND2_DEVICE=swap:/dev/mapper/suspend2
for swapwriter on encrypted swap.
I'm not sure how filewriter setup works, but be careful, I heard that
filewriter doesn't work on dm-crypt volumes, so only use the swap writer
in combination with cryptsetup.
Greets
Thomas aka brain0
--- mkinitrd 2005-11-06 20:36:32.000000000 +0100
+++ mkinitrd.brain0 2005-11-08 13:18:07.000000000 +0100
@@ -605,16 +605,55 @@
echo "echo 0x0100 > /proc/sys/kernel/real-root-dev" >> $LINUXRC
+crypt_up() {
+ if cryptsetup isLuks $2; then
+ echo "/bin/cryptsetup -y luksOpen $1 $2" >>$LINUXRC
+ else
+ # FIXME: cipher, hash, key size, offset, skip can be different
from default values
+ # They aren't stored anywhere for legacy cryptsetup, so specify
them here
+ echo "/bin/cryptsetup -y create $1 $2" >>$LINUXRC
+ fi
+ echo 'if test $? -ne 0; then' >>$LINUXRC
+ echo ' echo "Password Verification FAILED"' >>$LINUXRC
+ echo ' exit 1' >>$LINUXRC
+ echo 'fi' >>$LINUXRC
+}
+
+crypt_down() {
+ if cryptsetup isLuks $2; then
+ echo "/bin/cryptsetup luksClose $1" >> $LINUXRC
+ else
+ echo "/bin/cryptsetup remove $1" >>$LINUXRC
+ fi
+}
+
+if ! [ "$REMOVE_SUSPEND2" == "1" ]; then
+ if ! [ "$SUSPEND2_DEVICE" == "" ]; then
+ # FIXME: If you use filewriter with a file on the root device,
encryption setup
+ # is done twice for the same device.
+ # Anyway, filewriter on dm-crypt is known to be broken
+ if ! [ "$REMOVE_CRYPT" == "1" -o "$SUSPEND2_CRYPT_DEVICE" == ""
]; then
+ echo 'echo "A PASSWORD IS REQUIRED TO RESUME THE
SYSTEM"' >>$LINUXRC
+ crypt_up "suspend2" "$SUSPEND2_CRYPT_DEVICE"
+ fi
+ echo "echo $SUSPEND2_DEVICE > /proc/suspend2/resume2" >>$LINUXRC
+ echo "mount -n -o remount,ro /" >>$LINUXRC
+ echo "echo > /proc/suspend2/do_resume" >>$LINUXRC
+ echo "# If there is a suspend image in $SUSPEND_DEVICE, nothing
below will be executed" >>$LINUXRC
+ echo 'echo "RESUME FAILED. BOOTING."'>>$LINUXRC
+ echo "mount -n -o remount,rw /" >>$LINUXRC
+ if ! [ "$REMOVE_CRYPT" == "1" -o "$SUSPEND2_CRYPT_DEVICE" == ""
]; then
+ crypt_down "suspend2"
+ fi
+ fi
+fi
+
if ! [ "$REMOVE_CRYPT" == "1" ]; then
if ! [ "$CRYPT_DEVICE" == "" ]; then
echo 'echo' >>$LINUXRC
echo 'echo "A PASSWORD IS REQUIRED TO ACCESS ROOT FILESYSTEM"'
>>$LINUXRC
echo 'echo' >>$LINUXRC
- echo "/bin/cryptsetup -y create root $CRYPT_DEVICE" >>$LINUXRC
- echo 'if test $? -ne 0; then' >>$LINUXRC
- echo ' echo "Password Verification FAILED"' >>$LINUXRC
- echo ' exit 1' >>$LINUXRC
- echo 'fi' >>$LINUXRC
+ crypt_up "root" "$CRYPT_DEVICE"
fi
fi
echo "mount -t $ROOT_FS -n -o ro $ROOT_DEVICE /new_root" >> $LINUXRC
_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
