Andreas Enge <andr...@enge.fr> skribis:
> What is needed are the following two lines at the beginning of grub.cfg:
>
> insmod luks
> cryptomount -u 1aa...
>
> where 1aa... is the result of "cryptsetup luksUUID /dev/sda2".
>
> So the logic outlined in my previous message works:
> Determine the mapped-devices /dev/sdXY of type luks-device-mapping that
> lead to a file-system with needed-for-boot? set to #t.
> Using
> cryptsetup luksUUID /dev/sdXY
> determine a corresponding uuid 12345...0.
> If any such mapped-device exists, add
> insmod luks
> as the first line of grub.cfg. For any such mapped-device, add a line
> cryptomount -u 12345...0
> right after that.
IIUC we don’t *have* to pass the UUID to ‘cryptomount’; we could also
pass the device name, in GRUB format, which would allow us to use the
same strategy as in ‘grub-root-search’ in (gnu system grub)… with the
difficulty that we’d have to be able to map Linux /dev node names to
GRUB device names.
Furthermore, to allow users to specify a LUKS UUID as the ‘source’ of
their ‘mapped-device’ form, as in:
(mapped-device
(source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
(target "root")
(type luks-device-mapping))
we’d have to extend <mapped-device-kind> with a method to resolve UUIDs
(in this case, to map a UUID to a /dev node.)
Thoughts? Looks like more work than I initially thought.
Besides, I think we should only worry about the mapped device(s) that
back / and /boot, rather than any mapped device, no?
Thanks for looking into it,
Ludo’.
