mirror of
https://github.com/systemd/systemd
synced 2024-07-08 20:15:55 +00:00
man/crypttab: do not recommend using /dev/sdX symlinks in /etc/crypttab
This is just wrong. Quering the symlink names with udevadm is not the easiest, but I think that's the safest way for a documented example.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
parent
38e3c61dbb
commit
12c346d8e8
4
TODO
4
TODO
|
|
@ -386,6 +386,10 @@ Features:
|
|||
|
||||
* udevd: extend memory pressure logic: also kill any idle worker processes
|
||||
|
||||
* udevadm: to make symlink querying with udevadm nicer:
|
||||
- do not enable the pager for queries like 'udevadm info -q -r symlink'
|
||||
- add mode with newlines instead of spaces (for grep)?
|
||||
|
||||
* SIGRTMIN+18 and memory pressure handling should still be added to: hostnamed,
|
||||
localed, oomd, timedated.
|
||||
|
||||
|
|
|
|||
|
|
@ -8,13 +8,17 @@ sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
|
|||
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
|
||||
|
||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||
# for the future.
|
||||
sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >>/etc/crypttab'
|
||||
# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
|
||||
# figure out a stable link:
|
||||
udevadm info -q -r symlink /dev/sdXn
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need
|
||||
# to manually regenerate your initramfs to be able to use
|
||||
# a FIDO2-Device to unlock the partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809
|
||||
# Now add the line using the by-uuid symlink to /etc/crypttab:
|
||||
sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - fido2-device=auto" >>/etc/crypttab'
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need to manually
|
||||
# regenerate your initramfs to be able to use a FIDO2 device to unlock the
|
||||
# partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809.
|
||||
# On Fedora based systems:
|
||||
sudo dracut --force
|
||||
# On Debian based systems:
|
||||
|
|
|
|||
|
|
@ -8,13 +8,17 @@ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn
|
|||
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
|
||||
|
||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||
# for the future.
|
||||
sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >>/etc/crypttab'
|
||||
# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
|
||||
# figure out a stable link:
|
||||
udevadm info -q -r symlink /dev/sdXn
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need
|
||||
# to manually regenerate your initramfs to be able to use
|
||||
# a TPM2 security chip to unlock the partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809
|
||||
# Now add the line using the by-uuid symlink to /etc/crypttab:
|
||||
sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need to manually
|
||||
# regenerate your initramfs to be able to use a TPM2 security chip to unlock
|
||||
# the partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809.
|
||||
# On Fedora based systems:
|
||||
sudo dracut --force
|
||||
# On Debian based systems:
|
||||
|
|
|
|||
|
|
@ -24,13 +24,17 @@ sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
|
|||
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
|
||||
|
||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||
# for the future.
|
||||
sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab'
|
||||
# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
|
||||
# figure out a stable link:
|
||||
udevadm info -q -r symlink /dev/sdXn
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need
|
||||
# to manually regenerate your initramfs to be able to use a
|
||||
# Yubikey / PKCS#11 Token to unlock the partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809
|
||||
# Now add the line using the by-uuid symlink to /etc/crypttab:
|
||||
sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - pkcs11-uri=auto" >>/etc/crypttab'
|
||||
|
||||
# Depending on your distribution and encryption setup, you may need to manually
|
||||
# regenerate your initramfs to be able to use a Yubikey / PKCS#11 token to
|
||||
# unlock the partition during early boot.
|
||||
# More information at https://unix.stackexchange.com/a/705809.
|
||||
# On Fedora based systems:
|
||||
sudo dracut --force
|
||||
# On Debian based systems:
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user