cryptsetup should support block devices without filesystems

Bug #1238275 reported by Roel Brook on 2013-10-10
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Wishlist
Unassigned

Bug Description

With the rise of newer filesystems, there are devices which may not actually contain a filesystem, but are used, i.e. as a caching device.

Case in point; I have a HDD and a SSD (a combination which is getting more and more common). My HDD contains a ZFS filesystem, the SSD is used as a "cache".
The same holds true for systems such as bcache.

However, to be safe, one may wish to encrypt these filesystems. Encrypting the cache is then also a good thing, as the cache may contain data equally sensitive.

However, when using a LUKS encrypted volume, the initramfs "cryptsetup" (in local-top) script checks the output from blkid, and errors out if the the device cannot be found in blkid.

I propose an extra option passed via /etc/initramfs-tools/conf.d/cryptroot. I called the option "ignorefs", but feel free to propose a different name.

A patch is attached to this bug report.

Roel Brook (rainmaker52) wrote :

The attachment "cryptsetup.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Changed in cryptsetup (Ubuntu):
importance: Undecided → Wishlist
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu):
status: New → Confirmed

I ran into the same issue, in that cryptsetup's initramfs-tools hook (/usr/share/initramfs-tools/hooks/cryptroot) doesn't currently handle ZFS pools. I've modified the hook to add this functionality. It should be able to handle complicated pool configurations (e.g., multiple vdevs, ZIL, spares, etc.), but I've been able to give it only limited testing within single-vdev pools. I am putting my patches into the public domain.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers