[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#21843: Generated grub.cfg does not support encrypted roots
From: |
Ludovic Courtès |
Subject: |
bug#21843: Generated grub.cfg does not support encrypted roots |
Date: |
Wed, 23 Nov 2016 21:21:05 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hello!
(And apologies Christopher for not replying earlier!)
I’m happy to report that this issue is finally fixed in
f7f292d359e0eb77617f4ecf6b3164f868ec1784!
The complete list of relevant commits is this:
--8<---------------cut here---------------start------------->8---
f7f292d * install: Enable "cryptodisk" handling in GRUB.
b7d408e * mapped-devices: Use 'cryptsetup-static' in 'luks-device-mapping'.
fe93383 * marionette: Add 'marionette-screen-text' using OCR.
f25c9eb * marionette: Delay synchronization with the host's REPL.
[...]
106b389 * gnu: Add 'cryptsetup-static'.
01f94cc * gnu: Add 'lvm2-static'.
10da75d * gnu: grub: Add dependency on LVM2.
--8<---------------cut here---------------end--------------->8---
Without LVM2 support, ‘grub-install’ and ‘grub-probe’ would fail to
determine what to do with the LUKS-encrypted partition.
When using ‘cryptsetup’ instead of ‘cryptsetup-static’, we were pulling
the whole closure of ‘cryptsetup’ (105 MiB) in the initrd, which was
clearly unreasonable. ;-)
The guts was to come up with a test strategy that would work. The
difficulty here is that we have to enter a passphrase early one in GRUB,
and then once again once the kernel has booted, when ‘cryptsetup’ is
invoked from the initrd. At this point, we have no good communication
channel with the hosts, hence the screenshots with OCR! (Idea stolen
from NixOS’ own tests.)
You can run the test with:
make check-system TESTS=encrypted-root-os
Further testing welcome!
Ludo’.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#21843: Generated grub.cfg does not support encrypted roots,
Ludovic Courtès <=