How to wait for Thunderbolt device discovery before invoking cryptsetup during startup?

I am using a Linux system running Kernel 5.4.12 and systemd 234 on a notebook, which is connected via Thunderbolt 3 to a docking station providing a keyboard, mouse and monitor. The root partition is unencrypted, but the swap and home partitions are encrypted via LUKS. The swap partition is also specified as the resume kernel argument.

I am currently using the following udev rule to invoke a script that authorizes the docking station when it is discovered by the kernel:

SUBSYSTEM=="thunderbolt", ENV{DEVTYPE}=="thunderbolt_device", ACTION=="add", ATTR{authorized}=="0", RUN+="/sbin/authorize-dock.sh"

This works well, but apparently the rule is only invoked (and thus the device only discovered) at the later stages of booting, i.e. after providing the password(s) necessary to decrypt the swap and home partitions. This means that I need to use the notebook directly before being able to use the external peripherals during startup.

Is there any way to ensure that the Thunderbolt device discovery takes place at least once before cryptsetup runs during boot?