casper iso-scan/filename= with iso inside luks container

Asked by Fabien on 2021-02-22

Hello,

I would like to know whether this is possible, i.e. whether casper supports an ISO inside a LUKS container.

I'm trying to set up a USB key with this config:
sdb1 = grub (boot)
sdb2 = luks container containing 1xLVM PV, 1xLVM VG "tools", 1xLVM LV "iso", 1xLVM LV "writable" (for persistent data).

The same configuration without LUKS but with LVM works well, including persistent data, and with LVM the persistent LV can be resized if needed.

But with the LUKS container I'm dropped to the initramfs busybox shell every time. casper.log shows that it can't find the ISO /iso/file.iso.
I can open the LUKS container at the initramfs shell with cryptsetup open /dev/sdb2 without any problem (it asks for the passphrase and then all LVM layers are activated automatically).

Here is the command line which works with LVM without LUKS:
set isofile="/iso/ubuntu-mate-20.04.1-desktop-amd64.iso"
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile persistent debug --verbose fsck.mode=skip noeject

I tried adding these parameters to the previous command line (tested with rd.luks.* or luks.* without difference):
rd.luks=yes rd.luks.uuid=52f98a16-79d2-4671-87f9-fe54f4eefc34 rd.luks.name=52f98a16-79d2-4671-87f9-fe54f4eefc34=LUKS_TOOLS_LVM rd.luks.crypttab=no

During boot I'm dropped directly to initramfs just after casper /scripts/casper-premount/20iso_scan and before the LUKS container is opened, so no passphrase is asked for and the ISO file can't be found, which is normal.

I tested with the ISO file on sdb1 (not encrypted) and the writable LVM LV inside the LUKS container to check the luks.* command line parameters, and then I'm not dropped to the initramfs shell: the LUKS container is opened, asking for the passphrase at boot time, and the persistent overlay with the LVM LV is done without any error.

But I would like to keep all data encrypted so the USB key can't be used without grub cryptomount at the grub stage. So is there any way or other method to specify the ISO file name and location with the "iso-scan/filename=" syntax (e.g. by using UUID or /dev/mapper or /dev/disk/by-uuid/), or a parameter to force the LUKS container to be opened before the execution of /scripts/casper-premount/20iso_scan?

I can't find any reference to a configuration with a LUKS container containing an ISO file.

Thank you in advance.
Regards

Question information

Language: English
Status: Open
For: Ubuntu casper
Assignee: No assignee
Last query: 2021-02-22
Last reply:
