On Wed, 25.09.24 15:28, aplanas (aplanas@xxxxxxx) wrote:

> Hi!
>
> A user has /home in a different encrypted partition via pcrlock. After the
> initrd, during the normal boot process, the systemd-cryptsetup generator is
> reading this file to open the devices in /dev/mapper/$name. But this is
> happening before /var gets mounted, and this contains the pcrlock.json file
> required to unlock the home device.

systemd-pcrlock places a copy of the policy in the ESP, automatically,
where sd-stub then picks it up, so that it is available in the
initrd (since 985a261701cd3ddcbd2587febacc490a481a6b59).

This is fundamental so that pcrlock can work for the rootfs or /var
itself. And those are the dirs one typically really wants to protect
with this, so this is really key.

> Is there a way to indicate this dependency for the generator, as a
> "RequiresMountsFor=" for .mount services or x-systemd.requires= in fstab?

Not currently, no. I think it would be OK to add though. (But really,
just get this in via the boot loader path, i.e. sd-stub)

Lennart

--
Lennart Poettering, Berlin