Message ID | 20240422141120.577573-3-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | Add option to encrypt the rootfs | expand |
On Mon, 2024-04-22 at 16:09 +0200, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > This allows to encrypt partition which have as seperate mount ----------------------------------------------^ Typo > script like verity and abrootfs > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > .../initramfs-crypt-hook/files/mount_crypt_partitions.script | 4 > +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/recipes-initramfs/initramfs-crypt- > hook/files/mount_crypt_partitions.script b/recipes- > initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script > index 3411e70..b72323f 100644 > --- a/recipes-initramfs/initramfs-crypt- > hook/files/mount_crypt_partitions.script > +++ b/recipes-initramfs/initramfs-crypt- > hook/files/mount_crypt_partitions.script > @@ -51,7 +51,9 @@ for partition_set in $partition_sets; do > part_device=$(readlink -f "$partition") > crypt_mount_name="encrypted_$partition_label" Please don't rely on labels. This broke things already multiple times. But that's not part of the patch. Probably the label vs. UUID cleanup needs to be done first. Felix > decrypted_part=/dev/mapper/"$crypt_mount_name" > - > + if [ -z "$partition_mountpoint" ]; then > + continue > + fi > if /usr/sbin/cryptsetup luksDump --batch-mode "$part_device" > \ > | grep -q "luks2"; then > mount_partition "$decrypted_part" > "${rootmnt}""$partition_mountpoint"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script b/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script index 3411e70..b72323f 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script @@ -51,7 +51,9 @@ for partition_set in $partition_sets; do part_device=$(readlink -f "$partition") crypt_mount_name="encrypted_$partition_label" decrypted_part=/dev/mapper/"$crypt_mount_name" - + if [ -z "$partition_mountpoint" ]; then + continue + fi if /usr/sbin/cryptsetup luksDump --batch-mode "$part_device" \ | grep -q "luks2"; then mount_partition "$decrypted_part" "${rootmnt}""$partition_mountpoint"