
Add support for labels for the rd.luks option #2677

Open
@MorningLightMountain713

Description

Describe the enhancement

Add option for rd.luks.label=<label>

First off - maybe there is a much easier way to do what I'm doing, but I can't see it.

I'm using dracut to build a NON hostonly initrd. This initrd is part of a signed UKI that I distribute, so to make it portable, I'm using labels on the crypt block device. (and in fstab)

Since I can't specify the label as a kernel option, I have to resort to using crypttab, but that only works for hostonly.

The hack I'm using to get around this at the moment is the following in 90crypt/module-setup.sh:

(remove hostonly check and add label match)

    if [[ -f $dracutsysrootdir/etc/crypttab ]]; then
        # filter /etc/crypttab for the devices we need
        while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
            [[ $_mapper == \#* ]] && continue
            [[ $_dev ]] || continue

            [[ $_dev == PARTUUID=* ]] &&
                _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}"

            [[ $_dev == UUID=* ]] &&
                _dev="/dev/disk/by-uuid/${_dev#UUID=}"

            [[ $_dev == ID=* ]] &&
                _dev="/dev/disk/by-id/${_dev#ID=}"

            # added: resolve LABEL= the same way as the other tags
            [[ $_dev == LABEL=* ]] &&
                _dev="/dev/disk/by-label/${_dev#LABEL=}"

            echo "$_dev $(blkid "$_dev" -s UUID -o value)" >>"${initdir}/etc/block_uuid.map"

            # ... remainder of the loop body unchanged
        done < "$dracutsysrootdir/etc/crypttab"
    fi

I also have to add a udev rule as /usr/lib/udev/rules.d/60-persistent-storage-dm.rules does not add the disk by label for some reason.

Here is the missing crypto for disk by label:

    ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}"
    ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}"

Here is /etc/udev/rules.d/99-add-label.rules, my added udev rule:

    ATTR{dm/name}=="vg_1-lvm_system", SYMLINK+="disk/by-label/os_luks"

and finally, here is the crypttab:

    os_crypt  LABEL=os_luks  none    try-empty-password=1,luks,tpm2-device=auto,discard,force

This all works, but it's super hacky and I would much prefer to be able to just pass a label as a kernel option, as I don't know what the UUID will be at build time.

Thanks
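As an added example (not dracut's code and not part of the issue), here is the resolution the patched loop performs, with the `LABEL=` case included, factored into a function that also rejects unknown `TAG=` specs, plus a crypttab filter run over a constructed sample. The `/dev/disk/by-label` symlink is assumed to exist at runtime, which is what the extra udev rule above provides for the dm device; unlike a UUID, a label is chosen by whoever formatted the device, so two devices can carry the same label and the symlink can only point at one of them.

```shell
#!/bin/sh
# Added example, POSIX sh: crypttab device-spec resolution as done by the
# patched 90crypt loop, extended with LABEL= and a reject for unknown tags.

# Map a crypttab source-device spec to the udev symlink path it refers to.
# Plain device paths pass through unchanged; unknown TAG= specs return 1.
crypt_dev_path() {
    _dev=$1
    case $_dev in
        PARTUUID=*) printf '%s\n' "/dev/disk/by-partuuid/${_dev#PARTUUID=}" ;;
        UUID=*)     printf '%s\n' "/dev/disk/by-uuid/${_dev#UUID=}" ;;
        ID=*)       printf '%s\n' "/dev/disk/by-id/${_dev#ID=}" ;;
        LABEL=*)    printf '%s\n' "/dev/disk/by-label/${_dev#LABEL=}" ;;
        /*)         printf '%s\n' "$_dev" ;;
        *)          return 1 ;;
    esac
}

# Read crypttab on stdin and print "<mapper> <resolved path>" for each usable
# entry, skipping comments, blank lines, entries without a device, and entries
# whose device spec cannot be resolved (the loop's own filtering, plus the
# unknown-tag reject).
crypt_entries() {
    while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
        case $_mapper in '' | '#'*) continue ;; esac
        [ -n "$_dev" ] || continue
        _path=$(crypt_dev_path "$_dev") || continue
        printf '%s %s\n' "$_mapper" "$_path"
    done
}

# Constructed sample crypttab (assumed content; the UUID is made up).
SAMPLE_CRYPTTAB='# comment line
broken
swap      BOGUS=x  /dev/urandom  swap
os_crypt  LABEL=os_luks  none  try-empty-password=1,luks,tpm2-device=auto,discard,force
data      UUID=12345678-1234-1234-1234-123456789abc  none  luks'

# Stand-alone run: print the mapper -> device mapping for the sample.
printf '%s\n' "$SAMPLE_CRYPTTAB" | crypt_entries
```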
