diff --git a/TODO b/TODO
index 8cff6379af6..a47698f5872 100644
--- a/TODO
+++ b/TODO
@@ -386,6 +386,10 @@ Features:
 * udevd: extend memory pressure logic: also kill any idle worker processes
+* udevadm: to make symlink querying with udevadm nicer:
+ - do not enable the pager for queries like 'udevadm info -q -r symlink'
+ - add mode with newlines instead of spaces (for grep)?
+
 * SIGRTMIN+18 and memory pressure handling should still be added to: hostnamed, localed, oomd, timedated.
diff --git a/man/fido2-crypttab.sh b/man/fido2-crypttab.sh
index fe7351520a6..c29c0245f42 100644
--- a/man/fido2-crypttab.sh
+++ b/man/fido2-crypttab.sh
@@ -8,13 +8,17 @@ sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
 sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
 # If that worked, let's now add the same line persistently to /etc/crypttab,
-# for the future.
-sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >>/etc/crypttab'
+# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
+# figure out a stable link:
+udevadm info -q -r symlink /dev/sdXn
-# Depending on your distribution and encryption setup, you may need
-# to manually regenerate your initramfs to be able to use
-# a FIDO2-Device to unlock the partition during early boot.
-# More information at https://unix.stackexchange.com/a/705809
+# Now add the line using the by-uuid symlink to /etc/crypttab:
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - fido2-device=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need to manually
+# regenerate your initramfs to be able to use a FIDO2 device to unlock the
+# partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809.
 # On Fedora based systems:
 sudo dracut --force
 # On Debian based systems:
diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh
index f5f6e3a43db..1b7074a0de1 100644
--- a/man/tpm2-crypttab.sh
+++ b/man/tpm2-crypttab.sh
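Review bot: In man/fido2-crypttab.sh the added `udevadm info -q -r symlink /dev/sdXn` puts `-r` directly after `-q`, and since `-q`/`--query` takes the query type as its argument, `-r` is likely to be parsed as the type instead of `symlink`. The order to verify on a live system is `udevadm info -q symlink -r /dev/sdXn`. The same line is added in the man/tpm2-crypttab.sh and man/yubikey-crypttab.sh hunks, and the new TODO entry quotes it as well. If the lookup errors out, the reader has no stable link for the crypttab step that follows and may fall back to the unstable /dev/sdXn name the change is trying to avoid.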
@@ -8,13 +8,17 @@ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn
 sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
 # If that worked, let's now add the same line persistently to /etc/crypttab,
-# for the future.
-sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >>/etc/crypttab'
+# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
+# figure out a stable link:
+udevadm info -q -r symlink /dev/sdXn
-# Depending on your distribution and encryption setup, you may need
-# to manually regenerate your initramfs to be able to use
-# a TPM2 security chip to unlock the partition during early boot.
-# More information at https://unix.stackexchange.com/a/705809
+# Now add the line using the by-uuid symlink to /etc/crypttab:
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need to manually
+# regenerate your initramfs to be able to use a TPM2 security chip to unlock
+# the partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809.
 # On Fedora based systems:
 sudo dracut --force
 # On Debian based systems:
diff --git a/man/yubikey-crypttab.sh b/man/yubikey-crypttab.sh
index f50a3496313..d355afbd1b2 100644
--- a/man/yubikey-crypttab.sh
+++ b/man/yubikey-crypttab.sh
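Review bot: The added `sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'` appends a literal `...` to /etc/crypttab as root if it is pasted unchanged, and the comment above it does not say that the ellipsis has to be replaced. `udevadm info` can print several links for one device, so the comment should name the one to use, e.g. `# Replace "..." with the by-uuid name printed above before running this:`. crypttab(5) also accepts `UUID=` in the device field, which avoids spelling out the path. A crypttab entry naming a device that never appears can hold up or fail the unlock at boot, so the placeholder is worth making unmissable. The man/fido2-crypttab.sh and man/yubikey-crypttab.sh hunks add the same placeholder line, and the script continues past the end of this hunk.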
@@ -24,13 +24,17 @@ sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
 sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
 # If that worked, let's now add the same line persistently to /etc/crypttab,
-# for the future.
-sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab'
+# for the future. We don't want to use the (unstable) /dev/sdX name, so let's
+# figure out a stable link:
+udevadm info -q -r symlink /dev/sdXn
-# Depending on your distribution and encryption setup, you may need
-# to manually regenerate your initramfs to be able to use a
-# Yubikey / PKCS#11 Token to unlock the partition during early boot.
-# More information at https://unix.stackexchange.com/a/705809
+# Now add the line using the by-uuid symlink to /etc/crypttab:
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - pkcs11-uri=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need to manually
+# regenerate your initramfs to be able to use a Yubikey / PKCS#11 token to
+# unlock the partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809.
 # On Fedora based systems:
 sudo dracut --force
 # On Debian based systems: