1

It seems that the Linux kernel has a `cryptopts=...` boot parameter which allows specifying an encrypted root partition. A Google search returns many examples of its use; however, I was unable to locate the actual documentation. For example, `man bootparam` does not mention it. I wonder if this is an undocumented feature, or perhaps deprecated? Or maybe it is specific to certain distributions? I have even tried to grep the Linux kernel source for the string `cryptopts` but found nothing... Please help me to solve the mystery!

amkhlv

2 Answers

2

cryptopts is a boot option of initramfs-tools. This is its documentation:

cryptopts
    passes the args for cryptoroot. Set by the cryptsetup boot hooks.

rvighne
D3Hunter
    Yes, thank you! I guess this is somewhat distribution-specific. In Debian, `cryptopts` was removed from `initramfs-tools` in 2007, with the following comment: "init: Remove cryptopts parsing, not official bootparam. cryptsetup scripts parse /proc/cmdline themselves". Indeed, the package `cryptsetup` contains a file `cryptroot-script` which parses `cryptopts`. It was briefly removed and readded in 2006. – amkhlv Dec 31 '14 at 13:30
1

The kernel doesn't. The string cryptopts does not appear anywhere in the Linux kernel.

However, the contents of the kernel command line are exposed to userspace in /proc/cmdline. Many distributions will read boot options from the command line — for instance, Debian and Ubuntu use quiet to suppress status messages at boot time. It's likely that cryptopts is used similarly.

  • Thank you for explaining this to me! In Debian, there is a package `cryptsetup` which contains a file `cryptroot-script` which contains these lines: `for opt in $(cat /proc/cmdline); do \n case $opt in \n cryptopts=*) ...` This resolves the "mystery" – amkhlv Dec 31 '14 at 13:22
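
The userspace parsing described in this answer and its comment, as an added example that is not part of the original posts and is not the Debian `cryptroot-script`: a POSIX shell sketch that picks `cryptopts=` out of a command line string and looks up one field. The function names, the sample command line, and the comma-separated `key=value` layout of the value are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the pattern quoted above:
#   for opt in $(cat /proc/cmdline); do case $opt in cryptopts=*) ...
# Hypothetical helper names; not code from the cryptsetup package.

# get_cryptopts CMDLINE -> prints the value of the last cryptopts= word.
# Returns 1 if the command line carries no cryptopts= word.
get_cryptopts() {
    found=""
    set -f                      # no pathname expansion on words such as '*'
    for opt in $1; do           # unquoted on purpose: split on whitespace
        case $opt in
            cryptopts=*) found=${opt#cryptopts=} ;;
        esac
    done
    set +f
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# get_cryptopt_field VALUE KEY -> prints KEY's value from a comma-separated
# key=value list (assumed layout). Returns 1 if KEY is absent.
get_cryptopt_field() {
    result=""
    old_ifs=$IFS
    IFS=,
    set -f
    for kv in $1; do
        case $kv in
            "$2"=*) result=${kv#"$2"=} ;;
        esac
    done
    set +f
    IFS=$old_ifs
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Constructed sample command line (not taken from a real system).
SAMPLE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/root ro quiet cryptopts=target=root,source=/dev/sda2,lvm=vg-root'

if opts=$(get_cryptopts "$SAMPLE"); then
    echo "cryptopts value: $opts"
    echo "source device:   $(get_cryptopt_field "$opts" source)"
fi
```

On a running system the same functions can be fed `"$(cat /proc/cmdline)"` to see what the initramfs scripts were handed at boot.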