That's actually a way better way of doing it :) I'm going to disown this package in favor of that idea.
Search Criteria
Package Details: cryptsetup-multi 1.4.1-1
Package Actions
- View PKGBUILD
- Download tarball
- Search wiki
- Flagged out-of-date (2012-12-19)
| Package Base: | cryptsetup-multi |
|---|---|
| Description: | Userspace setup tool for transparent encryption of block devices using dm-crypt (support for multiple encrypted boot volumes) |
| Upstream URL: | http://code.google.com/p/cryptsetup/ |
| Category: | system |
| Licenses: | |
| Submitter: | Synthead |
| Maintainer: | None |
| Last Packager: | None |
| Votes: | 3 |
| First Submitted: | 2012-02-07 15:10 |
| Last Updated: | 2012-02-07 15:10 |
Latest Comments
Comment by Synthead
Comment by benke
Another easy way of achieving this is to make an extra copy of the encrypt hook. Call it encrypt2. Replace inside this script cryptkey with cryptkey2 and cryptdevice with cryptdevice2. Rebuild the initramfs. Then add cryptdevice2= to your boot options. and cryptkey2= if needed
I now it is not the cleanest way and definetly not that handy if you would need to unlock a lot of encrypted volumes, but for me this works.
Should maybe also cleanup the script a little more because it loads some stuff twice.
hope this is helpfull for someone
Comment by falconindy
This hook is entirely broken with mkinitcpio 0.12.0. Please also consider depending on cryptsetup and renaming the hook rather than replacing it.
1.5.1 was released 2 months ago as well -- another reason not to provide cryptsetup.
Comment by joetw
When I boot with this:
kernel: Command line: BOOT_IMAGE=/vmlinuz-linux root=/dev/mapper/root ro cryptdevice=/dev/mapper/vg-root:root:allow-discards,/dev/mapper/vg-usr:usr:allow-discards
fstrim does not work. (While it does work on other devices activated in crypttab or manually and which are set up the same way as / and /usr, namely LUKS on LVM on the same volgroup/SSD.)
Adding an echo to the code of cryptsetup-multi, it turns out $cryptoptions is empty. I never see the messages "Enabling TRIM/discard support." or "Encryption option '${cryptopt}' not known, ignoring.".
Btw., I read about the kernel parameter root_trim=yes somewhere; it does not change anything in my case.
Anonymous comment
This worked for me, too. I had to change some paths in encrypt_install so that they began with /usr/lib/ to avoid warnings from mkinitcpio, though, as mentioned here:
https://bbs.archlinux.org/viewtopic.php?id=140390
Comment by benke
Works ok only had to make a small change to the encrypt hook to make the cryptkey parameter work,
so it unlocks all disks without prompting for a password(if they use the same keyfile)
You need to call "rm -f ${ckeyfile}" outside of the loop.
The end of /lib/initcpio/hooks/encrypt should look like this
fi
# rm -f ${ckeyfile}
done
fi
rm -f ${ckeyfile}
}
Comment by Synthead
Specify multiple devices (seperated by commas) in the cryptsetup parameter, e.g.
kernel /vmlinuz26 cryptdevice=/dev/sda4:volgroup,/dev/sdb1:volextend root=/dev/mapper/volgroup-root ro
This is a package of the work of delcypher:
https://bbs.archlinux.org/viewtopic.php?id=105086