Difference between revisions of "Mount encrypted volumes in parallel"

From ArchWiki
Jump to: navigation, search
(better direct redirect for this)
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is a simple change to rc.sysinit that allows mounting of your encypted volumes in parallel, which can speed up boot immensely if you have more than one non-root encrypted partition.
+
#REDIRECT: [[Dm-crypt/System_configuration#crypttab]]
 
 
NOTE: You cannot use ASK in /etc/crypttab when using this tweak.
 
 
 
= Installing =
 
 
 
Just find this section in /etc/rc.sysinit (mine was at line 164), and replace that entire stanza with the following.
 
 
 
= The Code =
 
 
 
# Set up non-root encrypted partition mappings
 
if [ -f /etc/crypttab -a -n "$(/bin/grep -v ^# /etc/crypttab | /bin/grep -v ^$)" ]; then
 
/sbin/modprobe -q dm-mod 2>/dev/null
 
stat_busy "Unlocking encrypted volumes:"
 
csfailed=0
 
CS=/sbin/cryptsetup.static
 
do_crypt() {
 
if [ $# -ge 3 ]; then
 
cname="$1"
 
csrc="$2"
 
cpass="$3"
 
shift 3
 
copts="$*"
 
echo "Unlocking ${cname}.."
 
# For some fun reason, the parameter ordering varies for
 
# LUKS and non-LUKS devices.  Joy.
 
if [ "${cpass}" = "SWAP" ]; then
 
# This is DANGEROUS! The only possible safety check
 
# is to not proceed in case we find a LUKS device
 
# This may cause dataloss if it is not used carefully
 
if $CS isLuks $csrc 2>/dev/null; then
 
false
 
else
 
$CS -d /dev/urandom $copts create $cname $csrc >/dev/null
 
if [ $? -eq 0 ]; then
 
stat_append "creating swapspace.."
 
/sbin/mkswap -L $cname /dev/mapper/$cname >/dev/null
 
fi
 
fi
 
elif [ "${cpass}" = "ASK" ]; then
 
printf "\nOpening '${cname}' volume:\n"
 
if $CS isLuks $csrc 2>/dev/null; then
 
$CS $copts luksOpen $csrc $cname < /dev/console
 
else
 
$CS $copts create $cname $csrc < /dev/console
 
fi
 
elif [ "${cpass:0:1}" != "/" ]; then
 
if $CS isLuks $csrc 2>/dev/null; then
 
echo "$cpass" | $CS $copts luksOpen $csrc $cname >/dev/null
 
else
 
echo "$cpass" | $CS $copts create $cname $csrc >/dev/null
 
fi
 
else
 
if $CS isLuks $csrc 2>/dev/null; then
 
$CS -d $cpass $copts luksOpen $csrc $cname >/dev/null
 
else
 
$CS -d $cpass $copts create $cname $csrc >/dev/null
 
fi
 
fi
 
if [ $? -ne 0 ]; then
 
csfailed=1
 
echo "${cname} failed to unlock "
 
else
 
echo "${cname} unlocked "
 
fi
 
fi
 
}
 
while read line; do
 
eval do_crypt "$line" &
 
done </etc/crypttab
 
wait
 
if [ $csfailed -eq 0 ]; then
 
stat_done
 
else
 
stat_fail
 
fi
 
# Maybe someone has LVM on an encrypted block device
 
if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then
 
if [ -x /sbin/lvm -a -d /sys/block ]; then
 
/sbin/lvm vgscan --ignorelockingfailure --mknodes >/dev/null
 
/sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null
 
fi
 
fi
 
fi
 
 
 
= TODO =
 
* make this work with ASK
 
* add an explanation of how it works to the wiki page
 
 
 
= See Also =
 
*[[System Encryption with LUKS for dm-crypt]]
 
 
 
[[Category:Boot process]]
 

Latest revision as of 19:19, 10 May 2015