Skip to main content

Posts

Showing posts from June, 2013

Now, less cryptic - Cryptsetup changes in Saucy

Previously, whenever cryptsetup package was installed, its modules and utilities were unconditionally copied into initramfs. Making it quite large. But there are legitimate use cases of installing cryptsetup, yet not needing it in the initramfs. One only needs cryptsetup in the initramfs if root filesystem or resume devices are encrypted. I have therefore modified cryptsetup initramfs hooks to only include cryptsetup in the initramfs when necessary. I have tested multiple combinations and here is a small summary: No cryptsetup in initramfs, when: no encrypted devices present non-rootfs filesystems are encrypted (e.g. /var/lib is encrypted) swap is encrypted with random key file (i.e. non-persistent encrypted swap) Cryptsetup is in initramfs, when: rootfs is encrypted ( '/' ) swap is encrypted with a passphrase / key-file (i.e. can unlock & resume from hibernate) CRYPTSETUP='y' option is specified in /etc/initramfs-tools/initramfs.conf The last