Mount encrypted volumes in parallel
This is a simple change to rc.sysinit that allows mounting of your encypted volumes in parallel, which can speed up boot immensely if you have more than one non-root encrypted partition.
NOTE: You cannot use ASK in /etc/crypttab when using this tweak.
Contents
Installing
Just find this section in /etc/rc.sysinit (mine was at line 164), and replace that entire stanza with the following.
The Code
# Set up non-root encrypted partition mappings
if [ -f /etc/crypttab -a -n "$(/bin/grep -v ^# /etc/crypttab | /bin/grep -v ^$)" ]; then
/sbin/modprobe -q dm-mod 2>/dev/null
stat_busy "Unlocking encrypted volumes:"
csfailed=0
CS=/sbin/cryptsetup.static
do_crypt() {
if [ $# -ge 3 ]; then
cname="$1"
csrc="$2"
cpass="$3"
shift 3
copts="$*"
echo "Unlocking ${cname}.."
# For some fun reason, the parameter ordering varies for
# LUKS and non-LUKS devices. Joy.
if [ "${cpass}" = "SWAP" ]; then
# This is DANGEROUS! The only possible safety check
# is to not proceed in case we find a LUKS device
# This may cause dataloss if it is not used carefully
if $CS isLuks $csrc 2>/dev/null; then
false
else
$CS -d /dev/urandom $copts create $cname $csrc >/dev/null
if [ $? -eq 0 ]; then
stat_append "creating swapspace.."
/sbin/mkswap -L $cname /dev/mapper/$cname >/dev/null
fi
fi
elif [ "${cpass}" = "ASK" ]; then
printf "\nOpening '${cname}' volume:\n"
if $CS isLuks $csrc 2>/dev/null; then
$CS $copts luksOpen $csrc $cname < /dev/console
else
$CS $copts create $cname $csrc < /dev/console
fi
elif [ "${cpass:0:1}" != "/" ]; then
if $CS isLuks $csrc 2>/dev/null; then
echo "$cpass" | $CS $copts luksOpen $csrc $cname >/dev/null
else
echo "$cpass" | $CS $copts create $cname $csrc >/dev/null
fi
else
if $CS isLuks $csrc 2>/dev/null; then
$CS -d $cpass $copts luksOpen $csrc $cname >/dev/null
else
$CS -d $cpass $copts create $cname $csrc >/dev/null
fi
fi
if [ $? -ne 0 ]; then
csfailed=1
echo "${cname} failed to unlock "
else
echo "${cname} unlocked "
fi
fi
}
while read line; do
eval do_crypt "$line" &
done </etc/crypttab
wait
if [ $csfailed -eq 0 ]; then
stat_done
else
stat_fail
fi
# Maybe someone has LVM on an encrypted block device
if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then
if [ -x /sbin/lvm -a -d /sys/block ]; then
/sbin/lvm vgscan --ignorelockingfailure --mknodes >/dev/null
/sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null
fi
fi
fi
TODO
- make this work with ASK
- add an explanation of how it works to the wiki page