Re: cryptomount passphrase on serial console

help-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cryptomount passphrase on serial console

From:	Opty
Subject:	Re: cryptomount passphrase on serial console
Date:	Tue, 15 Nov 2016 20:56:52 +0100

On Mon, Nov 14, 2016 at 2:19 PM, Andrei Borzenkov <address@hidden> wrote:
> On Mon, Nov 14, 2016 at 4:06 PM, Opty <address@hidden> wrote:
>> On Mon, Nov 14, 2016 at 1:12 PM, Andrei Borzenkov <address@hidden> wrote:
>>> On Mon, Nov 14, 2016 at 11:40 AM, Opty <address@hidden> wrote:
>>>> On Mon, Nov 14, 2016 at 8:39 AM, Andrei Borzenkov <address@hidden> wrote:
>>>>> On Mon, Nov 14, 2016 at 1:00 AM, Opty <address@hidden> wrote:
>>>>>> Hello!
>>>>>>
>>>>>> Is it possible to initialize serial console before cryptomount command
>>>>>> asks for passphrase (encrypted /boot)?
>>>>>>
>>>>>
>>>>> Yes, it is possible. Could you be more specific what exactly you want to 
>>>>> know?
>>>>
>>>> I want to know how. :-)
>>>>
>>>
>>> Well, it obviously depends on which tool you intend to use.
>>>
>>>> Current idea: hack grub-install to add serial support to load.cfg
>>>>
>>>
>>> Yes, grub-install lacks support for it. If you are going to work on
>>> it, I'd suggest at the first step add grub-install parameters (please,
>>> do it in grub-install-common, so they are available for every tool) to
>>> do it; later we can think about fetching them from /etc/default/grub.
>>>
>>> I think parameter should be fairly generic - i.e. we should avoid need
>>> to specify exact serial module, this is something grub-install needs
>>> to figure for each platform, at least in default case.
>>>
>>> And in this case grub-devel is more appropriate list :)
>>
>> Frankly, I'd like to get my specific case working anyhow at first.
>> Then I could probably contribute, although I don't consider myself a
>> good coder.
>>
>> So... Little reminder: I have encrypted /boot (to be specific: BTRFS
>> RAID1 on the top of two LUKS partitions) and I'd like to enter
>> passphrase for unlocking it over serial console which isn't
>> initialized until grub.cfg is read... from encrypted /boot. Kind of
>> chicken or the egg problem. :-)
>>
>> Could adding serial and terminal commands (and maybe something else)
>> to load.cfg before cryptomount do it?
>
>
> Yes. You will also need to add corresponding modules to core.img of
> course, this is already possible by using "--modules=..." parameter.
> For quick and dirty test, manually add commands to load.cfg.

Worked like a charm on the first attempt, thanks. Credits to
http://lists.gnu.org/archive/html/help-grub/2014-12/msg00071.html as
well (original idea).

Now what? :-)

(BTW, forgot to post replies to the list, so correcting now.)

Opty

[Prev in Thread]

Current Thread

[Next in Thread]

cryptomount passphrase on serial console, Opty, 2016/11/13
- Re: cryptomount passphrase on serial console, Andrei Borzenkov, 2016/11/14
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: cryptomount passphrase on serial console, Opty <=
    - Re: cryptomount passphrase on serial console, Andrei Borzenkov, 2016/11/15

Prev by Date: Re: Added SATA drive, now it won't boot
Next by Date: Re: cryptomount passphrase on serial console
Previous by thread: Re: cryptomount passphrase on serial console
Next by thread: Re: cryptomount passphrase on serial console
Index(es):
- Date
- Thread