[dm-crypt] Detect successful passphrase entry for dmcrypt +LUKS from initramfs busybox prompt

Jonas Meurer jonas at freesources.org
Fri Apr 21 21:16:31 CEST 2017


Hi Dominic,

On 19.04.2017 at 08:39, Dominic Raferd wrote:
> Sorry if this is off-topic for this mailing list. I am setting up a
> (Ubuntu 16.04) machine with dmcrypt+LUKS encrypted root system (standard
> Debian/Ubuntu recipe) but with added capability for remote entry of the
> passphrase (using dropbear via busybox shell). After the user has
> entered the passphrase (and it is piped into /lib/cryptsetup/passfifo) I
> would like an easy and preferably fast way for a local script (i.e.
> running under busybox ash shell) to detect whether the passphrase entry
> has been successful or not - without requiring local access or a second
> remote login. Thanks for any help.

Indeed it's slightly off-topic as initscripts and initramfs integration
are specific to the distributions that ship/package cryptsetup.

One quick idea is that you could test for existence of the
/dev/mapper/<target> device file. If it exists, then the unlocking was
successful.

I usually log out of the system after remotely unlocking it via initramfs
ssh session and monitor the ping in another terminal. If the ping stops
being answered and continues a few seconds afterwards, that indicates
that the unlock attempt was successful and I log in to the booted system.

Cheers
 jonas
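
The check suggested above, written out as an added example that is not part of the original message or of the cryptsetup packaging: a POSIX sh sketch that feeds the passphrase into the FIFO and then polls for the mapping with a timeout. The function names, the return codes, the MAPPER_DIR/PASSFIFO override variables and the target name used in the usage note are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh, so it also suits busybox ash.
# Both paths can be overridden, which lets the functions run outside an initramfs.
MAPPER_DIR="${MAPPER_DIR:-/dev/mapper}"
PASSFIFO="${PASSFIFO:-/lib/cryptsetup/passfifo}"

# submit_passphrase: copy stdin into the passphrase FIFO.
# Returns 3 if the path is not a FIFO, so a wrong path can never end up
# as a regular file that holds the passphrase.
submit_passphrase() {
    if [ ! -p "$PASSFIFO" ]; then
        return 3
    fi
    cat > "$PASSFIFO"
}

# wait_for_mapping TARGET [TIMEOUT_SECONDS]
# 0 = $MAPPER_DIR/TARGET appeared, 1 = timed out, 2 = unusable target name.
wait_for_mapping() {
    wfm_target="$1"
    wfm_timeout="${2:-30}"
    case "$wfm_target" in
        # "control" is the device-mapper control node and exists before any
        # unlock, so it must never be accepted as proof of success.
        ''|*/*|control) return 2 ;;
    esac
    wfm_elapsed=0
    while :; do
        # -e is true for a device node or for a symlink that resolves to one.
        if [ -e "$MAPPER_DIR/$wfm_target" ]; then
            return 0
        fi
        if [ "$wfm_elapsed" -ge "$wfm_timeout" ]; then
            return 1
        fi
        sleep 1
        wfm_elapsed=$((wfm_elapsed + 1))
    done
}

# unlock_and_check TARGET [TIMEOUT_SECONDS]: passphrase on stdin.
unlock_and_check() {
    submit_passphrase || return $?
    wait_for_mapping "$@"
}
```

Called as `unlock_and_check cryptroot_example 20` with the passphrase on stdin (the target name is a placeholder for the name in the machine's crypttab), a return of 1 means the mapping did not appear in time and the passphrase should be treated as rejected.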


