noah wrote:
>> dm-crypt removes key from memory when mapping is removed.
>> (so after luksClose)
>
> Is luksClose really called when a system with encrypted _root_
> filesystem is rebooted?
> Imagine something like: initrd -> luksOpen some device -> mount fs
> from encrypted volume -> pivot_root to the fs on the encrypted volume
> -> boot system -> reboot system
>
> Just curious since the kernel complains about not being able to
> unmount the root filesystem when it's encrypted; I *think* it merely
> remounts it R/O, syncs it and then reboots.

Hm, yes, you are right.
(initscript is trying to stop crypt devices, but it must fail for root
filesystem, also there can be active LVM mapping).

Seems it needs some temporary ramdisk even for system reboot :)

Milan
--
mbroz@xxxxxxxxxx

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
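
The situation discussed in this thread, as an added example that is not part of the original mail: a shell function that walks down from the mapping mounted as / and reports the dm-crypt mappings beneath it, which cannot be closed at shutdown. The function name, mapping names and device numbers are constructed; the inputs are assumed to be in the format of `dmsetup table` and `dmsetup info -c --noheadings --separator : -o name,major,minor`.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.
# "cryptroot" is dm device 254:0, the LVM volume "vg-root" is stacked on it,
# and "cryptswap" is an unrelated crypt mapping.
SAMPLE_TABLE='cryptroot: 0 41940992 crypt aes-xts-plain64 0000000000000000 0 8:2 4096
vg-root: 0 41934848 linear 254:0 2048
cryptswap: 0 4194304 crypt aes-xts-plain64 0000000000000000 0 8:3 0'
SAMPLE_INFO='cryptroot:254:0
vg-root:254:1
cryptswap:254:2'

# crypt_under_root TABLE INFO ROOT
#   TABLE: text in `dmsetup table` format
#   INFO:  name:major:minor lines, one per mapping
#   ROOT:  name of the mapping that is mounted as /
# Prints every crypt mapping that ROOT is, or is stacked on. While / is
# mounted these mappings are busy, so they cannot be removed before reboot.
crypt_under_root() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk -v root="$3" '
        $0 == "---" { in_table = 1; next }
        # INFO section: remember which mapping owns each major:minor
        !in_table { split($0, f, ":"); name_of[f[2] ":" f[3]] = f[1]; next }
        # TABLE section: record target type and any dm devices it sits on
        {
            name = $1; sub(/:$/, "", name)
            target[name] = $4
            for (i = 5; i <= NF; i++)
                if ($i ~ /^[0-9]+:[0-9]+$/ && ($i in name_of))
                    below[name] = below[name] " " name_of[$i]
        }
        # Depth-first walk from the root mapping down the device stack
        function walk(n,   parts, k, cnt) {
            if (seen[n]++) return
            if (target[n] == "crypt") print n
            cnt = split(below[n], parts, " ")
            for (k = 1; k <= cnt; k++) walk(parts[k])
        }
        END { walk(root) }
    '
}

# With / on vg-root, only cryptroot is reported; cryptswap can be closed.
crypt_under_root "$SAMPLE_TABLE" "$SAMPLE_INFO" vg-root
```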