Comments (4)
Unfortunately that is not enough when the key device is slow to initialize. Key will be probed after opening of the LUKS device starts, when dracut already waits for the passphrase.
I wish to use a key file on an SD card, but the /dev/mmcblk0 device comes online after the /dev/sda device containing the LUKS partition and the key is found too late.
The end result is still the same: the LUKS key file is not used.
from dracut.
I have experienced this problem where /dev/mmcblk0 is supposed to work but dracut doesn't state that the keyfile is found, during the first setup of my system, it worked. After that, it doesn't seem to boot with the keyfile as it is not found. I tried formatting my sd card with ext4 and f2fs, no luck.
I am not using dracut with systemd.
from dracut.
I've taken a further look at what happens when running with systemd vs running without systemd and using LUKS with a key file. The results are very different. The non-systemd mode retries once every 0.5 seconds for 10 retries to hopefully have the key file found.
I'm not proposing any changes to the non-systemd function. My out loud thoughts for the systemd process is to:
- Drop the onetime nature of crypt-run-generator
- Re-work crypt-run-generator (ignore what I've posted previously)
- Have crypt-run-generator track
- If it should associate a key file with this device
- If the key file has been found
- If a hard coded retry limit has been reached for finding the key file
- If an attempt has been made regardless of success or failure to setup the LUKS device
- Reloading of systemd and starting only the specific LUKS device will be done either:
- If no key is required for this LUKS device
- If the per LUKS device retry is reached
- If the key file is found
crypt-run-generator should then run every 0.5 seconds from the settled queue inside initqueue. I'm not quite sure if crypsetup.target needs to be active for the boot process to continue, but adding another script to the queue for checking that all LUKS devices have attempted to be unlocked can cover this if required.
from dracut.
I know I'm late to the party and really needed rd.luks.key to work. At least in Fedora 30 creating a file named /etc/dracut.conf.d/hold-the-onions.conf which contains:
omit_dracutmodules+=" dracut-systemd systemd systemd-networkd systemd-initrd "
removes the systemd monkey-patching and lets dracut be dracut. This fixed it for me.
from dracut.
Related Issues (20)
- Request to repair the error of qemu nbd in the switch_root process HOT 5
- RFC: review if '.early' postfix for ucode is still required
- dracut uses wrong version description for Unified Kernel Images HOT 5
- network-legacy module dropped from Fedora 40 package HOT 8
- systemd will dlopen libraries that used to be statically included
- RFE: new version?🤔 HOT 3
- rd.live.overlay.overlayfs=1 is broken on Fedora 39 LiveOS HOT 4
- Support bcachefs encrypted root unlocking
- [REPO DEAD] This repo is dead HOT 1
- Start job for disk device hangs, Linux Zen images and snapshots fail to boot, after update from 059-6 to 101-1 HOT 1
- Dracut generated initramfs fails to boot with recent kernels due to SELinux Permission Denied errors
- make parsing of `rd.luks.timeout` singular instead of plural to avoid Mal-formed `cryptsetup` command line
- `dracut-initramfs-restore.sh` fails on ostree-based systems HOT 3
- dracut failled to boot a crypt_luks with systemd-gpt-auto mount !!! HOT 2
- sshd not starting after recent patch HOT 10
- Unable to find a root filesystem error
- Dracut now has many dependencies on systemd-modules-load, requiring building modules support into systemd. HOT 1
- dracut-install falls over if sysroot argument end with `/`
- Should dracut uncompress compressed kernel modules before installing into the initramfs?
- dracut creates odd dir
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dracut.