[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Support for plain dm-crypt and detached LUKS header

From: Mat628
Subject: Re: Support for plain dm-crypt and detached LUKS header
Date: Tue, 11 Apr 2017 01:23:45 -0400

>Am I correct in stating that your patches would only require:

>- command line options on each invocation of grub-install to reference a 
>config file of sorts - a config file in a dedicated directory that would allow 
>this config to persist

Xen, yes you are correct. The config file (${prefix}/etc/mattle_opts.cfg) 
persists in that directory and is opened in "read-only" mode by both 
grub-install and grub-mkconfig automatically.

Once the config file has been set for a particular setup it does not need to be 

To install grub to /boot/grub on the OS rootfs of a LUKS device (dev/sda1) with 
detached header file (/mnt/usb/sda1_header.bin) and have boot.img and core.img 
on usb (/dev/sdb)

mount /dev/sdb1 /mnt/usb
grub-install --crypto-device=/dev/sda1 --crypto-header=/mnt/usb/sda1_header.bin 

Then for grub-mkconfig to auto-generate grub.cfg to /boot/grub

grub-mkconfig -o /boot/grub/grub.cfg


That is all that would be required of the user for each invocation of 
grub-install and grub-mkconfig.

The contents of mattle_opts.cfg are fprintf'ed into load.cfg which is inside 

Simply put one thing my patches can do is "reconnect" the detached header to 
the LUKS device (only in memory, the header is not wrote back to the disk) and 
from that point on grub-utils will be able to treat the LUKS device as normal.

best regards,


p.s. I hope the formatting was a bit better this time.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]