Mount encrypted volumes in parallel
This is a simple change to rc.sysinit that allows mounting of your encypted volumes in parallel, which can speed up boot immensely if you have more than one non-root encrypted partition.
NOTE: You cannot use ASK in /etc/crypttab when using this tweak.
Contents
Installing
Just find this section in /etc/rc.sysinit (mine was at line 164), and replace that entire stanza with the following.
The Code
# Set up non-root encrypted partition mappings if [ -f /etc/crypttab -a -n "$(/bin/grep -v ^# /etc/crypttab | /bin/grep -v ^$)" ]; then /sbin/modprobe -q dm-mod 2>/dev/null stat_busy "Unlocking encrypted volumes:" csfailed=0 CS=/sbin/cryptsetup.static do_crypt() { if [ $# -ge 3 ]; then cname="$1" csrc="$2" cpass="$3" shift 3 copts="$*" echo "Unlocking ${cname}.." # For some fun reason, the parameter ordering varies for # LUKS and non-LUKS devices. Joy. if [ "${cpass}" = "SWAP" ]; then # This is DANGEROUS! The only possible safety check # is to not proceed in case we find a LUKS device # This may cause dataloss if it is not used carefully if $CS isLuks $csrc 2>/dev/null; then false else $CS -d /dev/urandom $copts create $cname $csrc >/dev/null if [ $? -eq 0 ]; then stat_append "creating swapspace.." /sbin/mkswap -L $cname /dev/mapper/$cname >/dev/null fi fi elif [ "${cpass}" = "ASK" ]; then printf "\nOpening '${cname}' volume:\n" if $CS isLuks $csrc 2>/dev/null; then $CS $copts luksOpen $csrc $cname < /dev/console else $CS $copts create $cname $csrc < /dev/console fi elif [ "${cpass:0:1}" != "/" ]; then if $CS isLuks $csrc 2>/dev/null; then echo "$cpass" | $CS $copts luksOpen $csrc $cname >/dev/null else echo "$cpass" | $CS $copts create $cname $csrc >/dev/null fi else if $CS isLuks $csrc 2>/dev/null; then $CS -d $cpass $copts luksOpen $csrc $cname >/dev/null else $CS -d $cpass $copts create $cname $csrc >/dev/null fi fi if [ $? -ne 0 ]; then csfailed=1 echo "${cname} failed to unlock " else echo "${cname} unlocked " fi fi } while read line; do eval do_crypt "$line" & done </etc/crypttab wait if [ $csfailed -eq 0 ]; then stat_done else stat_fail fi # Maybe someone has LVM on an encrypted block device if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then if [ -x /sbin/lvm -a -d /sys/block ]; then /sbin/lvm vgscan --ignorelockingfailure --mknodes >/dev/null /sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null fi fi fi
TODO
- make this work with ASK
- add an explanation of how it works to the wiki page