Difference between revisions of "Mount encrypted volumes in parallel"

From ArchWiki
Jump to: navigation, search
(better direct redirect for this)
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is a simple change to rc.sysinit that allows mounting of your encypted volumes in parallel, which can speed up boot immensely if you have more than one non-root encrypted partition.
+
#REDIRECT: [[Dm-crypt/System_configuration#crypttab]]
 
+
NOTE: You cannot use ASK in /etc/crypttab when using this tweak.
+
 
+
= Installing =
+
 
+
Just find this section in /etc/rc.sysinit (mine was at line 164), and replace that entire stanza with the following.
+
 
+
= The Code =
+
 
+
# Set up non-root encrypted partition mappings
+
if [ -f /etc/crypttab -a -n "$(/bin/grep -v ^# /etc/crypttab | /bin/grep -v ^$)" ]; then
+
/sbin/modprobe -q dm-mod 2>/dev/null
+
stat_busy "Unlocking encrypted volumes:"
+
csfailed=0
+
CS=/sbin/cryptsetup.static
+
do_crypt() {
+
if [ $# -ge 3 ]; then
+
cname="$1"
+
csrc="$2"
+
cpass="$3"
+
shift 3
+
copts="$*"
+
echo "Unlocking ${cname}.."
+
# For some fun reason, the parameter ordering varies for
+
# LUKS and non-LUKS devices.  Joy.
+
if [ "${cpass}" = "SWAP" ]; then
+
# This is DANGEROUS! The only possible safety check
+
# is to not proceed in case we find a LUKS device
+
# This may cause dataloss if it is not used carefully
+
if $CS isLuks $csrc 2>/dev/null; then
+
false
+
else
+
$CS -d /dev/urandom $copts create $cname $csrc >/dev/null
+
if [ $? -eq 0 ]; then
+
stat_append "creating swapspace.."
+
/sbin/mkswap -L $cname /dev/mapper/$cname >/dev/null
+
fi
+
fi
+
elif [ "${cpass}" = "ASK" ]; then
+
printf "\nOpening '${cname}' volume:\n"
+
if $CS isLuks $csrc 2>/dev/null; then
+
$CS $copts luksOpen $csrc $cname < /dev/console
+
else
+
$CS $copts create $cname $csrc < /dev/console
+
fi
+
elif [ "${cpass:0:1}" != "/" ]; then
+
if $CS isLuks $csrc 2>/dev/null; then
+
echo "$cpass" | $CS $copts luksOpen $csrc $cname >/dev/null
+
else
+
echo "$cpass" | $CS $copts create $cname $csrc >/dev/null
+
fi
+
else
+
if $CS isLuks $csrc 2>/dev/null; then
+
$CS -d $cpass $copts luksOpen $csrc $cname >/dev/null
+
else
+
$CS -d $cpass $copts create $cname $csrc >/dev/null
+
fi
+
fi
+
if [ $? -ne 0 ]; then
+
csfailed=1
+
echo "${cname} failed to unlock "
+
else
+
echo "${cname} unlocked "
+
fi
+
fi
+
}
+
while read line; do
+
eval do_crypt "$line" &
+
done </etc/crypttab
+
wait
+
if [ $csfailed -eq 0 ]; then
+
stat_done
+
else
+
stat_fail
+
fi
+
# Maybe someone has LVM on an encrypted block device
+
if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then
+
if [ -x /sbin/lvm -a -d /sys/block ]; then
+
/sbin/lvm vgscan --ignorelockingfailure --mknodes >/dev/null
+
/sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null
+
fi
+
fi
+
fi
+
 
+
= TODO =
+
* make this work with ASK
+
* add an explanation of how it works to the wiki page
+
 
+
= See Also =
+
*[[System Encryption with LUKS for dm-crypt]]
+
 
+
[[Category:Boot process]]
+

Latest revision as of 19:19, 10 May 2015