<term><varname>luks.key=</varname></term>
<term><varname>rd.luks.key=</varname></term>
- <listitem><para>Takes a password file as argument.</para>
+ <listitem><para>Takes a password file name as argument or
+ a LUKS super block UUID followed by a '=' and a password
+ file name.</para>
+
<para>For those entries specified with
<varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>,
- the password file will be set to the password file specified by
- <varname>rd.luks.key=</varname> or <varname>luks.key</varname></para>
+ the password file will be set to the one specified by
+ <varname>rd.luks.key=</varname> or <varname>luks.key=</varname>
+ of the corresponding UUID, or the password file that was specified
+ without a UUID.</para>
<para><varname>rd.luks.key=</varname>
is honored only by initial RAM disk
(initrd) while
typedef struct crypto_device {
char *uuid;
+ char *keyfile;
char *options;
bool create;
} crypto_device;
while ((d = hashmap_steal_first(arg_disks))) {
free(d->uuid);
+ free(d->keyfile);
free(d->options);
free(d);
}
return NULL;
d->create = false;
- d->options = NULL;
+ d->keyfile = d->options = NULL;
d->uuid = strdup(uuid);
if (!d->uuid) {
} else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
- if (free_and_strdup(&arg_default_keyfile, value))
+ r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
+ if (r == 2) {
+ d = get_crypto_device(uuid);
+ if (!d)
+ return log_oom();
+
+ free(d->keyfile);
+ d->keyfile = uuid_value;
+ uuid_value = NULL;
+ } else if (free_and_strdup(&arg_default_keyfile, value))
return log_oom();
}
else
options = "timeout=0";
- r = create_disk(name, device, arg_default_keyfile, options);
+ r = create_disk(name, device, d->keyfile ?: arg_default_keyfile, options);
if (r < 0)
return r;
}