help-grub

Cryptomount is blind (useless systematic check, lvm, etc.)


From: Garreau, Alexandre
Subject: Cryptomount is blind (useless systematic check, lvm, etc.)
Date: Sun, 09 Nov 2014 16:53:50 +0100
User-agent: Gnus (5.13), GNU Emacs 24.4.1 (i586-pc-linux-gnu)

Hello, I’ve got some problems with cryptomount, trying to make a
superportable script that could automatically detect any sort of OS or
bootable thing and offer options to boot it. I’ve encountered multiple
problems since the beginning (like the fact that I can have to enter the
same password twice, for instance for GRUB login and cryptomount, or
syslinux sourcing not working yet), but here is a new one that I think
could be fixed by improving cryptomount features (again):

I have a whole hard disk GPT-partitioned with one big LUKS partition
containing an LVM volume that contains two partitions: root and swap (it’s
useful to have it encrypted, especially for secure hibernation).

The first problem I noticed is this one: doing cryptomount -a I see
“(crypto0)” as well as “(lvm/LVM713-root)” appear and that’s fine, but if
I want to mount only my hard disk, or to mount devices one after another
so as to mount only some devices (for example only external (ata, usb, fd)
or internal ones, or not to mount already mounted devices and save time),
I noticed that “cryptomount (ahci0,gpt1)” makes “(crypto0)” appear, but
not “(lvm/LVM713-root)”. There’s no command to mount LVM; normally it’s
automatically done when detecting a new device, but actually cryptomount
does it only with option “-a”.

The second problem I got is because of the first: I’m forced to use -a,
but I can’t try to mount only internal or external devices with -a, and
thus I’m forced to make GRUB check *again* internal devices when I only
want it to check for possible new encrypted external devices.

The third problem is that when it checks for possible new encrypted
external devices (via a submenu I made for external devices, so that it
gets refreshed at the time you enter it) it takes a lot of time to
*check again already checked* devices. Thus it not only takes a lot of
time the first time I enter the submenu to decrypt what’s to decrypt,
which is normal and fine, but it also takes a lot of time the *second*
time I go into this submenu, without asking for a password (which is
normal: there’s nothing more to decrypt and mount), so when entering it
the screen remains void for a long time (which is quite annoying, and yet
creepy for an unaware user).

That could either be solved by trying to cryptomount each device one
after another if it’s new, checking that by storing the UUIDs of all
present devices in a variable before each check and then trying to
cryptomount only what’s not present in it. That’s a great amount of
complexity, but the worst is that I have the problem of being forced to
use “-a” to mount LVM.

Thus just fixing the LVM problem could solve all the other problems, but
adding features so as not to check a device twice (and even not having to
check UUIDs for internal devices for that, since they normally won’t
change) inside cryptomount could really be great; it would decrease
config complexity and make it more usable (and I don’t see how such a
systematic new-device check, so as not to systematically lose time
internally checking, could cause problems).
