Package: src:clevis Version: 8-1 Severity: normal Tags: help As of now, clevis provides initrd for dracut only. While dracut is available in Debian and automated unlocking of the root filesystem works quite well, Debian's default initrd is initramfs and it would certainly increase acceptance of clevis if there was initramfs support as well.
Turns out this isn't as easy as hoped: In dracut, /init is systemd
already while in initramfs it's just a shell script. However, the
clevis-luks-askpass script relies on a systemd feature: Creating
entries /run/systemd/ask-password/ask.*
As a hackaround I created the list of block devices to be unlocked from
'blkid -t TYPE=crypto_LUKS -o device' but this doesn't inhibit the
regular manual unlocking, resulting in an endless loop since an
unlocked device cannot be unlocked again.
Now I'm somewhat stuck. If people with knowledge in initramfs and
especially the unlocking process there using cryptsetup could provide
some input, I'd be glad.
Christoph
signature.asc
Description: PGP signature
