autodetect does not work for (sd-)encrypt
I originally opened this issue on the Arch Linux bug tracker because the scripts are included in the cryptsetup
package and not even in this repository. But thinking about it now, it would make more sense that this project would maintain these scripts instead of the packager of cryptsetup
. If that's not the case, sorry for wasting your time. Anyway, here's the issue:
The encrypt
and sd-encrypt
hooks use the add_all_modules
function to include every crypto module available. The add_checked_modules
function should be used instead, which will filter the added modules with the whitelist created by the autodetect
hook.
The sd-encrypt
hook already does this for TPM modules, just not for the crypto modules for some reason. Currently the only way to prevent unneeded crypto modules from being added is to manually list the ones you need in the undocumented CRYPTO_MODULES
variable.