I have gotten this to work in Ubuntu 15.10, which has cryptsetup 1.6.6. As mentioned previously, the scripts in 1.6.6 have included the patches from here with some modifications, along with additions for truecrypt volumes, btrfs, and some improvement (hopefully) of situations where it's necessary to wait for disks to come up. Unfortunately, the modifications to the detached header code introduced a number of errors and were, in addition, crippled by the commenting out of the code that inserted the header into the initramfs.

I'm about to upload the patches here. A couple of notes on usage/comments:

(1) A function in /lib/cryptsetup/cryptdisks.functions parses the /etc/crypttab file, including any possible "header=<fn>" option. This function only works if <fn> is a complete filename path. That path may need to be in quotes if it's got spaces in it, though I haven't tested that part. I <<believe>> this is only used for disks that come up after root and (perhaps) are not listed as automount in /etc/fstab.

(2) The scripts in /usr/share/initramfs-tools/{hooks,scripts/local-top}/cryptroot also parse the crypttab file (respectively a derivative of that file) in order to bring up an encrypted root device. If that root device has a detached header, then the "header=<fn>" option can refer either to a complete filename path, or to a file in the directory /etc/initramfs-tools/conf.d/cryptheader. Both ways of referring to the file (now) work.

(3) It's the script /usr/share/initramfs-tools/hooks/cryptroot that had the section commented out. This section was taken directly from the original scripts posted by Glenn. That section is marked by a "TODO", added by the maintainer, and which I have uncommented.

A final note. When the header is not detached, it's possible to use UUIDs to refer to a device in crypttab. Since the UUID is in the header, when we have a detached header it is no longer possible to refer to the device this way. There is another unique means of referring to a (hardware) disk, the WWN device identifier (https://en.wikipedia.org/wiki/World_Wide_Name). These can be found listed in /dev/disk/by-id/wwn-*. This is probably what you want to use for the first, target, field in the crypttab file.

OK, patches coming. Hope it's useful!

https://bugs.launchpad.net/bugs/1223622
Title: add support for crypttab mounting of luks devices with detached headers
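
The points in the comment above can be checked before rebuilding the initramfs. The following is an added example, not part of the original comment or of the cryptsetup package. It assumes the crypttab(5) field order (target, source device, key file, options); the function name lint_crypttab and the ERROR/WARN output format are made up here, and header paths containing spaces are not handled.

```sh
#!/bin/sh
# Added example: lint crypttab entries that use the "header=<fn>" option.
# lint_crypttab FILE [HEADER_DIR]
# Prints "ERROR|WARN <target>: <message>" lines; returns 1 if any ERROR was found.
lint_crypttab() {
    file=$1
    hdrdir=${2:-/etc/initramfs-tools/conf.d/cryptheader}
    rc=0
    while read -r target source key opts _ || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac
        # Extract the header= value from the comma-separated options field.
        case ",$opts" in
            *,header=*) hdr=",$opts"; hdr=${hdr##*,header=}; hdr=${hdr%%,*} ;;
            *) continue ;;   # no detached header: nothing to check
        esac
        # The UUID is stored in the LUKS header, so it cannot name the device
        # once the header is detached.
        case $source in
            UUID=*|/dev/disk/by-uuid/*)
                printf '%s\n' "ERROR $target: source '$source' is a UUID; use /dev/disk/by-id/wwn-*"
                rc=1 ;;
        esac
        case $hdr in
            /*) # complete path: accepted by both sets of scripts
                if [ ! -e "$hdr" ]; then
                    printf '%s\n' "ERROR $target: header file '$hdr' not found"
                    rc=1
                fi ;;
            *)  # bare name: only the initramfs scripts resolve it, via HEADER_DIR
                if [ -e "$hdrdir/$hdr" ]; then
                    printf '%s\n' "WARN $target: '$hdr' resolves only in the initramfs scripts, not in cryptdisks.functions"
                else
                    printf '%s\n' "ERROR $target: '$hdr' is neither a complete path nor a file in $hdrdir"
                    rc=1
                fi ;;
        esac
    done < "$file"
    return $rc
}

# Run against the files given on the command line, e.g.: sh lint.sh /etc/crypttab
if [ $# -gt 0 ]; then
    lint_crypttab "$@"
fi
```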