[arch-projects] [RFC initscripts 28/29] Split encrypted mappings to before and after rand seed

Matthew Monaco dgbaley27 at 0x01b.net
Fri May 18 12:22:22 EDT 2012

From: Matthew Monaco <matthew.monaco at 0x01b.net>

For encryped volumes with a random passphrase -- typically those used
for swap space -- it's desireable to set up AFTER the random seed has
been restored. Unfortunately, in many situations the random seed is
stored on another encrypted volume.

To solve this only map non-random volumes in the current location. Later
on, map the random volumes after the random seed has been loaded. This
also involves moving swapon down a few lines.
 rc.sysinit |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/rc.sysinit b/rc.sysinit
index b95defc..270f384 100755
--- a/rc.sysinit
+++ b/rc.sysinit
@@ -152,8 +152,8 @@ activate_cryptos() {
 	(( unlocked )) && activate_vgs
-# Map any unmapped encrypted volumes in crypttab
+# Map any unmapped encrypted volumes in crypttab, non-random
+activate_cryptos -O \!%random
 # Check filesystems
 run_hook sysinit_prefsck
@@ -184,13 +184,16 @@ run_hook sysinit_postmount
 	status "Activating monitoring of LVM2 groups" \
 		vgchange --monitor y >/dev/null
-status "Activating Swap" swapon -a
 [[ $TIMEZONE ]] && status "Configuring Time Zone" set_timezone "$TIMEZONE"
 status "Initializing Random Seed" load_random_seed
 status "Storing new Random Seed" store_random_seed
+# Map any unmapped encrypted volumes in crypttab, only random
+activate_cryptos -O %random
+status "Activating Swap" swapon -a
 # Remove leftover files

More information about the arch-projects mailing list