"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/misc/dracut_90reencrypt/README" (24 Jul 2021, 1762 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Example of simple dracut module for reencryption of system
    2 LUKS drive on-the-fly.
    3 
    4 Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then
    5 build special initramfs "with dracut -a reencrypt -o crypt".
    6 Reencrypt module doesn't work (has a conflict) with crypt module as
    7 of now. After successful reencryption reboot using original initramfs.
    8 
    9 Dracut then recognize argument rd.luks.reencrypt=name:size,
   10 e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
   11 will be reencrypted (default is whole device).
   12 (Name is kernel name of device.)
   13 
   14 If there's more than single active keyslot in the target luks device
   15 you're required to select one keyslot explicitly for reencryption via
   16 rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
   17 if you use this option, all other keyslots will get deactivated in the
   18 process.
   19 
   20 Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
   21 can be used to read password for specific keyslot from device containing
   22 filesystem with a keyfile (file with a password). If you omit reencrypt_key
   23 argument, reencryption would work only in case a LUKS container has
   24 exactly one keyslot activated.
   25 
   26 Arguments rd.luks.reencrypt_keyslot and rd.luks.reencrypt_key are not
   27 mandatory.
   28 
   29 Note that reencryption context is stored in ramdisk, any
   30 fail can mean complete lost of data!
   31 
   32 Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
   33 
   34 This copyrighted material is made available to anyone wishing to use,
   35 modify, copy, or redistribute it subject to the terms and conditions
   36 of the GNU General Public License v.2.
   37 
   38 You should have received a copy of the GNU General Public License
   39 along with this program; if not, write to the Free Software Foundation,
   40 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.