On 22 April 2017 at 12:13, Michael Kjörling <michael@xxxxxxxxxxx> wrote:
On 22 Apr 2017 11:22 +0100, from dominic@xxxxxxxxxxxxxxx (Dominic Raferd):
> [ -z "$DONE" ] && echo " Failed, sorry." || echo " Success! Boot is
> proceeding"
As an aside, consider adding a read to the failure case. That would
give the user a chance to reboot the system manually before the boot
continues, which is particularly useful in the case when files within
the encrypted container are required for a successful boot.
I was in a very similar situation for a while but with ZFS, where if
the ZFS pool import failed for some reason the system was _mostly_
bootable but aside from fixing whatever caused the pool to not import,
I'd have to also clean out a bunch of directories so that the file
systems would mount cleanly. (ZFS does not do overlay mounts by
default.) That wasn't particularly fun!
Hi Michael, I'm not sure I understand your situation. In my case, if the script doesn't find that cryptroot has terminated i.e. the user entered the right passphrase (after 3 tries) it just ends and drops the user back to the busybox prompt - or if it has been run as a single line command from the remote machine, it would return to the remote machine. Either way the user can just repeat the action because the booting machine will sit and wait indefinitely for the root system to be unlocked - I think. With remote access and pushing the passphrase straight into /lib/cryptsetup/passfifo I don't think there is any fundamental limitation on the number of attempts that can be made.
In short, I could add a reboot option after failure but is there any point?
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
