Custom mkinitcpio hook to mount a container image from a block device before running the encrypt hook.
This hook is designed for setups where your encrypted root filesystem is stored inside a container file on a block device, not on the device itself.
It performs the following steps:
- Mounts the block device specified by
src_rootfs=... - Locates the container image inside it
- Attaches it to a loop device
- Makes the loop device accessible to the
encrypthook viacryptdevice=...
You must add the following parameter to your kernel cmdline:
src_rootfs=<device_identifier>:/path/to/container.img cryptdevice=/dev/loop0:your_crypt_name root=/dev/mapper/your_crypt_name
Supported <device_identifier> formats:
/dev/sdXYUUID=<uuid>PARTUUID=<partuuid>LABEL=<label>PARTLABEL=<partlabel>
src_rootfs=UUID=aaaaaaaa-1111-bbbb-2222-cccccccccccc:/crypto/rootfs.img cryptdevice=/dev/loop0:cryptroot cryptkey=PARTUUID=00000000-xxxx-yyyy-9999-777777777777:ext4:/keyfile crypto:::: root=/dev/mapper/cryptroot rw initrd=\Arch\initramfs-linux.img
Note: Parameters
cryptdevice,cryptkey, andcryptoare provided and handled by theencrypthook. This project does not implement or alter their behavior.
For detailed information, refer to the ArchWiki article on dm-crypt system configuration.
Hint: The loop device (
/dev/loop0) is created by this hook when the container image is attached.
paru -S mkinitcpio-hook-neoshy
# or
yay -S mkinitcpio-hook-neoshyOr manually:
git clone https://aur.archlinux.org/mkinitcpio-hook-neoshy.git
cd mkinitcpio-hook-neoshy
makepkg -simake installAfter installation, add neoshy before encrypt in your /etc/mkinitcpio.conf HOOKS array:
HOOKS=(base udev autodetect modconf block keyboard neoshy encrypt filesystems fsck)You may also need to add required modules in MODULES array:
MODULES=(<your_modules> dm_mod dm_crypt xts sha256)Rebuild your initramfs:
sudo mkinitcpio -PMIT
Maintainer: Andrei A. Bykov [email protected]
See CHANGELOG.md for full release history.