yubikey-full-disk-encryption icon indicating copy to clipboard operation
yubikey-full-disk-encryption copied to clipboard

Published 20 hours ago verified publisher icon agherzan

Possibility to pass many parameters to cryptsetup

Open vaminakov opened this issue 10 months ago • 3 comments

Now line 147 of hook have quotes to each parameter: _tmp="$(printf %s "$_ykfde_passphrase" | cryptsetup luksOpen "$YKFDE_LUKS_DEV" "$YKFDE_LUKS_NAME" "$YKFDE_LUKS_OPTIONS" 2>&1)" So it can handle only one of them. If you have rare setup which need to pass more than one parameter, you'll not able to boot. To fix this need just remove quotes: _tmp="$(printf %s "$_ykfde_passphrase" | cryptsetup luksOpen "$YKFDE_LUKS_DEV" "$YKFDE_LUKS_NAME" $YKFDE_LUKS_OPTIONS 2>&1)"

vaminakov avatar Apr 14 '24 08:04 vaminakov

Passing unquoted variable is something we want to avoid. Were the additional parameters about detached header?

It's also possible to store LUKS options in header

Vincent43 avatar Apr 15 '24 20:04 Vincent43

@Vincent43 for example, in my configuration I'm using --header=/header-luks.img --allow-discards

vaminakov avatar Apr 18 '24 12:04 vaminakov

Yeah so we had proposal for adding headers option before.

The cryptsetup config --header=/header-luks.img <device> also should work

Vincent43 avatar Apr 18 '24 17:04 Vincent43