Talk:Dm-crypt/System configuration

From ArchWiki
Jump to: navigation, search

Need to clarify note about "luks / rd.luks" kernel parameter

Note about use of "luks / rd.luks" kernel parameter refers to 'rootfs' and 'swap' but, apparently, systemd-cryptsetup ignores the entire /etc/crypttab if just one luks.uuid option is specified. That's not clear for me.

As stated on systemd-cryptsetup-generator manpage: If /etc/crypttab exists, only those UUIDs specified on the kernel command line will be activated in the initrd or the real root.

See: https://bbs.archlinux.org/viewtopic.php?id=219859

--Seven.issimo (talk) 11:05, 21 February 2017 (UTC)

Hi, I think it needs to be clarified if this is a systemd bug. The manpage sentence you refer to also is quoted in this bug.
However, there is also the luks.crypttab option and it defaults to yes. These two parts are contradicting. It totally makes no sense to ignore crypttab devices in the generator just because _one_ luks.uuid is on the kernel command line, when it's meant to be toggled with luks.crypttab=no. If you agree, please follow up upstream and leave a bug reference here. If you can't follow up, please say so that someone else can clarify. Thanks. --Indigo (talk) 15:19, 21 February 2017 (UTC)
Unfortunately there is no bug, this is just the way systemd-cryptsetup-generator works. Warning in dm-crypt/System configuration#Using sd-encrypt hook explains it a little bit. The section now suggests using rd.luks.*, since those are the options that should be used for unlocking devices in initramfs stage. -- nl6720 (talk) 12:16, 13 November 2017 (UTC)