From: Andreas Enge
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Tue, 8 Mar 2016 20:33:09 +0100
Message-ID: <20160308193309.GA2251@solar>
In-Reply-To: <20160308192104.GA22722@solar>
To: Ludovic Courtès
Cc: 21843@debbugs.gnu.org

What is needed are the following two lines at the beginning of grub.cfg:

   insmod luks
   cryptomount -u 1aa...

where 1aa... is the result of "cryptsetup luksUUID /dev/sda2".

So the logic outlined in my previous message works:

- Determine the mapped-devices /dev/sdXY of type luks-device-mapping that
  lead to a file-system with needed-for-boot? set to #t.
- Using cryptsetup luksUUID /dev/sdXY determine a corresponding uuid
  12345...0.
- If any such mapped-device exists, add
     insmod luks
  as the first line of grub.cfg.
- For any such mapped-device, add a line
     cryptomount -u 12345...0
  right after that.

To simplify the logic, we could also move the needed-for-boot? parameter to
mapped-device, or add such a parameter there.

Andreas
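
The steps described in the message above, as an added shell example that is not part of the original e-mail and is not Guix's own code. The stdin line format, the names grub_luks_preamble, LUKS_UUID_CMD and fake_luks_uuid, and the UUIDs in the stand-in are assumptions made up for this sketch.

```shell
#!/bin/sh
# Added example: build the grub.cfg preamble for LUKS mapped devices that
# are needed for boot. Input on stdin, one device per line (format is an
# assumption of this sketch):
#   <source-device> <mapping-type> <needed-for-boot: #t or #f>

# Command that prints a device's LUKS UUID; override it to run offline.
: "${LUKS_UUID_CMD:=cryptsetup luksUUID}"

# Constructed stand-in for cryptsetup with made-up UUIDs (not real devices).
fake_luks_uuid() {
    case "$1" in
        /dev/sda2) echo "11111111-2222-3333-4444-555555555555" ;;
        /dev/sdb1) echo "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" ;;
        *) return 1 ;;
    esac
}

grub_luks_preamble() {
    uuids=""
    while read -r dev type needed; do
        # Keep only LUKS mappings that lead to a needed-for-boot file system.
        [ "$type" = "luks-device-mapping" ] || continue
        [ "$needed" = "#t" ] || continue
        uuid=$($LUKS_UUID_CMD "$dev") || {
            echo "no LUKS UUID for $dev" >&2; return 1; }
        # Only hex digits and dashes may be written into grub.cfg.
        case "$uuid" in
            ""|*[!0-9a-fA-F-]*)
                echo "unexpected UUID for $dev" >&2; return 1 ;;
        esac
        uuids="$uuids $uuid"
    done
    # No encrypted device needed for boot: emit nothing at all.
    [ -n "$uuids" ] || return 0
    echo "insmod luks"
    for u in $uuids; do
        echo "cryptomount -u $u"
    done
}
```

Setting LUKS_UUID_CMD=fake_luks_uuid before calling grub_luks_preamble exercises the logic without touching any block device.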