From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: bug#21843: Generated grub.cfg does not support encrypted roots Date: Wed, 16 Mar 2016 21:40:00 +0100 Message-ID: <20160316204000.GA8709@solar> References: <87twozi0ql.fsf@gnu.org> <20160308192104.GA22722@solar> <20160308193309.GA2251@solar> <8760wuy9mt.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:51929) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1agIFf-0000iU-3c for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1agIFa-0006xg-4j for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:53349) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1agIFa-0006xc-1B for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1agIFZ-0002Ty-Pg for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <8760wuy9mt.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 21843@debbugs.gnu.org On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote: > Furthermore, to allow users to specify a LUKS UUID as the ‘source’ of > their ‘mapped-device’ form, as in: > (mapped-device > (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID > (target "root") > (type luks-device-mapping)) > we’d have to extend with a method to resolve UUIDs > (in this case, to map a UUID to a /dev node.) I just read a bit of the cryptsetup manual; we do not need to do the resolution, in the above example we would have the line cryptomount -u cb67fc72-0d54-4c88-9d4b-b225f30b0f44 (as discussed previously; it works at least without the dashes, we can also try to keep the dashes). And then it should be possible to open the device with cryptsetup luksOpen UUID=cb67fc72-0d54-4c88-9d4b-b225f30b0f44 root This looks for the given uuid in /dev/disk/by-uuid. I wanted to give it a try with the installation image, but unfortunately it does not contain the directory /dev/disk. Andreas