Talk:Dm-crypt/System configuration

From ArchWiki

"2.3 Using sd-encrypt hook" very confusing

I stumbled into the topics sd-encrypt and systemd-based init system through the section in this article, because i want to unlock two LUKS devices which together contain the root fs. The sd-encrypt section is very confusing, since it's basically just a reference and a bad starting point to learn about systemd init systems and sd-encrypt. I think the section would be more helpful if it would start with a few basic system configurations, ie. some examples. With just the reference it is very hard to tell which parameters/config files are actually needed, and how they complement or replace each other. Unfortunately as of right now i don't know enough to add examples. Cheers, Clonejo (talk) 15:51, 16 May 2021 (UTC)

tried to simplify, removing only things that are already mentioned in two other places at least on the same page, here's the rollback https://wiki.archlinux.org/index.php?title=Dm-crypt/System_configuration&curid=17199&diff=693328&oldid=693327 and that have nothing to do with mouting root with sd-encrypt. Gcb (talk) 10:32, 29 August 2021 (UTC)


Using crypttab.initramfs

Probabably needs clarification. I wanted to modify the sentence "it will be added to the initramfs as /etc/crypttab" and add "by mkiniticpio" but is this still accurate ? I cannot find any info on mkinitcpio as to why this file is added to the initramfs, nor any reference to crypttab.initramfs anywhere else than on this page. What about Dracut, etc..? Furthermore, this section can be confusing as it links to Dm-crypt/System configuration#crypttab which says that crypttab cannot be used as an alternative to kernel cmdline parameters for the root partition.

-- Cvlc (talk) 11:20, 15 October 2021 (UTC)

It is accurate; run mkinitcpio -H sd-encrypt to see it mentioned. While /etc/crypttab on real root is not involved in crypt device unlocking in the initramfs phase, the /etc/crypttab inside the initramfs image (which is what /etc/crypttab.initramfs becomes) is very much involved.
I have no idea about dracut, dm-crypt/System configuration#Using sd-encrypt hook only concerns the mkinitcpio hook. dracut.cmdline(7) § crypto LUKS mentions some rd.luks options, but I don't know if it uses systemd-cryptsetup-generator(8) or parses and acts upon them itself.
-- nl6720 (talk) 13:04, 15 October 2021 (UTC)
Ok, shouldn't that note be moved up to 1. Mkinitcpio then, rather 2. Bootloader / sd-encrypt ? or maybe to the crypttab section, in an "initramfs" subsection ?
--Cvlc (talk) 13:16, 15 October 2021 (UTC)
The page's structure could use improvement. Having a "Boot loader" section doesn't make sense, since it's only about kernel parameters. A boot loader is just used to set them.
IMO, a better structure would be:
  • mkinitcpio
    • Examples
    • Kernel parameters
      • root
      • resume
      • Using encrypt hook
        • ...
      • Using sd-encrypt hook
        • ...
  • crypttab
...
-- nl6720 (talk) 04:23, 16 October 2021 (UTC)
That would be much better. Maybe even replace mkinitcpio by something more general to inclunde dracut/booster --Cvlc (talk) 12:31, 17 October 2021 (UTC)
The issue is that most of it is mkinitcpio-specific. -- nl6720 (talk) 05:16, 18 October 2021 (UTC)
I reorganized the sections on a whim. There's now a place for dracut and booster specific stuff if desired. E.g.:
  • Unlocking in early userspace
    • mkinitcpio
    • dracut
    • booster
    • Kernel parameters
      • root
      • resume
      • Using encrypt hook
      • Using sd-encrypt hook
      • dracut specific kernel parameters
      • booster specific kernel parameters
-- nl6720 (talk) 12:47, 18 May 2022 (UTC)