cryptsetup keyscripts (Was: Please Consider Increasing SECMEM_BUFFER_SIZE To 1048576)

Guilhem Moulin guilhem at fripost.org
Thu Oct 19 18:50:43 CEST 2017


Hi Peter,

On Thu, 19 Oct 2017 at 18:08:52 +0200, Peter Lebbing wrote:
> The way I solved it back then would not have worked with systemd,
> since they decided to not support the "keyscript" option.  This seems
> like quite a big omission in systemd to me.

Agreed, and we're trying to convince the systemd maintainers to adopt a
Debian-specific patch for keyscript support :-)  (To be fair we haven't
really tested the patch yet, AFAIK.)  In the meantime, editing your
crypttab(5) to add ‘initramfs’ to the 4th field of your device(s) forces
it to be considered for unlocking at initramfs stage.

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171019/dd076065/attachment.sig>


More information about the Gnupg-devel mailing list