mkinitcpio autodetect does not work for (sd-)encrypt
Task Info (Flyspray) | |
---|---|
Opened By | Seth VanHeulen (svanheulen) |
Task ID | 76661 |
Type | Bug Report |
Project | Arch Linux |
Category | Packages: Core |
Version | None |
OS | All |
Opened | 2022-11-24 16:07:28 UTC |
Status | Assigned |
Assignee | Christian Hesse (eworm) |
Details
Description:
The 'encrypt' and 'sd-encrypt' hooks use the 'add_all_modules' function to include every crypto module available. The 'add_checked_modules' function should be used instead, which will filter the added modules with the whitelist created by the 'autodetect' hook.
The 'sd-encrypt' hook already does this for TPM modules, just not for the crypto modules for some reason. Currently the only way to prevent unneeded crypto modules from being added is to manually list the ones you need in the undocumented 'CRYPTO_MODULES' variable.