GNU bug report logs - #21843
Generated grub.cfg does not support encrypted roots

Previous Next

Package: guix;

Reported by: ludo <at> gnu.org (Ludovic Courtès)

Date: Fri, 6 Nov 2015 15:53:02 UTC

Severity: important

Tags: fixed, patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Andreas Enge <andreas <at> enge.fr>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 21843 <at> debbugs.gnu.org
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Thu, 10 Mar 2016 10:48:37 +0100

On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote:
> IIUC we don’t *have* to pass the UUID to ‘cryptomount’; we could also
> pass the device name, in GRUB format

Yes, but my idea was that the uuid is something we can determine
at instantiation time. If the mapped device is /dev/sdd3, we can run
   (system* "cryptsetup" "luksUUID" "/dev/sdd3")
and obtain the uuid.

I suppose we could also use the grub device (hd3,msdos3) in this case,
but I do not know what is the mapping between /dev nodes and these devices,
and if it is actually a function that could be computed from the file name
in /dev only or not.

>    (mapped-device
>      (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
>      (target "root")
>      (type luks-device-mapping))
> we’d have to extend <mapped-device-kind> with a method to resolve UUIDs
> (in this case, to map a UUID to a /dev node.)

We can also let the users do the work (and document this in the manual),
by having them supply all the informatin:

   (mapped-device
     (source "/dev/sdd3")
     (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44") ;LUKS UUID
     (target "root")
     (type luks-device-mapping)
     (needed-for-boot? #t))

> Besides, I think we should only worry about the mapped device(s) that
> back / and /boot, rather than any mapped device, no?

This could either be solved by determining which file systems have
needed-for-boot? #t and determine the corresponding mapped devices,
or by adding such a parameter for the mapped-device as in my suggestion
above.

Or we do it all automatically for / and /boot and drop the parameter
needed-for-boot? everywhere.

Andreas
This bug report was last modified 8 years and 242 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.