Removing LUKS encrypted swap from initrd nash script

Deron Meranda deron.meranda at gmail.com
Wed Jun 25 15:21:49 UTC 2008


Using Fedora 9, I had initially installed with my swap in an LVM
logical volume using LUKS encryption.  I've since changed that so
it just uses dmcrypt directly without LUKS (using /dev/random as
the key in the /etc/crypttab; and this is a desktop so I'm not worried
about the hibernate issues).

But still at boot time, it is prompting for the LUKS passphrase,
which will obviously fail because the logical volume is no longer
managed with LUKS.  I've even completely overwritten the entire
logical volume thinking that the "cryptsetup isLuks" might still
be confused when it probes the logical volume.

The /etc/rc.sysinit script handles this fine though.  It re-creates and
maps the swap using plain dmcrypt with a random key, without
me ever seeing a prompt.  I also checked the /etc/blkid/blkid.tab
to make sure it wasn't cached there.

I've finally traced this back to being an embedded cryptsetup
command in the initrd's nash script "init" (which runs before
rc.sysinit)...

   echo Setting up disk encryption: /dev/mapper/vg0-lv01
   cryptsetup luksOpen /dev/mapper/vg0-lv01 luks-vg0-lv01
   resume /dev/mapper/luks-vg0-lv01

What is the recommended way to rebuild the initrd to remove
this now-unnecessary luksOpen from the initrd?  I'm also not
sure what the "resume" command is supposed to be doing,
but it obviously can't stay either.

Also, more for curiosity, why was that even in the initrd to
begin with?  I didn't think swap was ever used or enabled
until after the rc.sysinit got control.  So why would initrd
need that logical volume luksOpen'ed?

Thanks
-- 
Deron Meranda
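
An added example, not part of the original post and not Fedora's own tooling: a shell check that lists the devices an unpacked initrd's init script opens with luksOpen and flags any that the crypttab maps with a random key, which is the mismatch described above. The function names are hypothetical, the file contents are constructed samples, and devices are matched by exact path string.

```shell
#!/bin/sh
# List the block devices an initrd "init" script opens with luksOpen.
# $1: path to the init script from an already unpacked initrd (assumption).
luks_devices_in_init() {
    awk '$1 == "cryptsetup" && $2 == "luksOpen" { print $3 }' "$1"
}

# Print each luksOpen device that the crypttab maps with a random key,
# i.e. a plain dm-crypt mapping that a LUKS passphrase prompt cannot open.
# $1: init script, $2: crypttab file (fields: name device key options).
stale_luks_opens() {
    luks_devices_in_init "$1" | while read -r dev; do
        awk -v dev="$dev" '
            NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
            $2 == dev && ($3 == "/dev/random" || $3 == "/dev/urandom") {
                print dev
                exit
            }
        ' "$2"
    done
}

# Constructed sample data: the init lines quoted in the post and a
# crypttab entry of the kind the post describes (random key, swap).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/init" <<'EOF'
echo Setting up disk encryption: /dev/mapper/vg0-lv01
cryptsetup luksOpen /dev/mapper/vg0-lv01 luks-vg0-lv01
resume /dev/mapper/luks-vg0-lv01
EOF
    cat > "$tmp/crypttab" <<'EOF'
# name  device                key          options   (constructed)
swap    /dev/mapper/vg0-lv01  /dev/random  swap
EOF
    stale_luks_opens "$tmp/init" "$tmp/crypttab"
    rm -rf "$tmp"
}

demo
```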



