В Sun, 09 Nov 2014 16:53:50 +0100 "Garreau\, Alexandre" <[email protected]> пишет:
> Hello, I’ve got some problems with cryptomount, trying to make a > superportable script that could automatically detect any sort of OS or > bootable thing and offer options to boot it. I’ve encountered multiples > problems since beginning (like the fact I can have to enter a same > password twice for instance for GRUB login and cryptomount, or syslinux > sourcing not working yet), but now here a new that I think could be > fixed improving cryptomount features (again): > > I have a whole harddisk GPT-partitionned with one big LUKS partition > containing a LVM volume that contain two partitions: root and swap (it’s > useful to have it encrypted, especially for secure hibernation). > > The first problem I noticed is this one: doing cryptomount -a I see > “(crypto0)” as “(lvm/LVM713-root)” appear and that’s fine, but if I want > to mount only my harddisk, or to mount devices one after other to mount > only some devices (for example only external (ata, usb, fd) or internal > ones, or not to mount already mounted devices and save time), I noticed > “cryptomount (ahci0,gpt1)” makes “(crypto0)” appear, but not > “(lvm/LVM713-root)”. There’s no command to mount LVM, normally it’s > automatically done when detecting a new device, but actually cryptomount > do it only with option “-a”. > There is no such thing as "mount" in grub. Every file name includes device identification (explicitly or implicitly as $root). Some commands like "ls" or "cryptomount -a" scan all devices, which probably you interpret as "mount". When you try access (lvm/LVM713-root) grub will *always* scan available devices to find this volume. There is no need to "mount" it. > The second problem I got is because of the first: I’m forced to use -a, > but I can’t try to mount only internal or external devices with -a, and > thus I’m forced to make GRUB check *again* internal devices when I only > want it to check for possible new encrypted external devices. > > The third problem is that when it checks for possible new encrypted > external devices (via a submenu I made for external devices, so that it > get refreshed at the time you enter in it) it takes a lot of time to > *check again already checked* devices. Thus it not only takes lot of > time the first time I enter the submenu to decrypt what’s to decrypt, > that’s normal and fine, but it takes lot of time also *second* time I go > in this submenu, without asking for password (which is normal: there’s > nothing more to decrypt&mount), so when entering in it the screen remain > void a lot of time (which is quite annoying, and yet creepy for an > unaware user). > > That either could be solved trying to cryptomount each device once after > once if it’s new, checking that storing UUIDs of all present devices in > a variable before each check and then trying to cryptomount only what’s > not present in it. That’s a great amount of complexity but the worst is > I have the problem of being forced to use “-a” to mount LVM. > > Thus just fixing the LVM problem could solve all the other problems, but > adding features not to check twice a device (and even not having to > check UUIDs for internal devices for that since they normally won’t > change) inside cryptomount could really be great, it would decrease > config complexity and make it more usable (and I don’t see how any > problem a such systematic new device check not to systematically loose > time internally checking could cause problems).
signature.asc
Description: PGP signature
_______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
