From a522f65d60ecd0c3e41636fa3a8eb0b5d7abcc17 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 03:59:49 +0200
Subject: [PATCH 01/15] Post release version increase

---
 rpm/crypto-sdcard.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec
index 749e8efb..2b35ab9b 100644
--- a/rpm/crypto-sdcard.spec
+++ b/rpm/crypto-sdcard.spec
@@ -1,6 +1,6 @@
 Name:          crypto-sdcard
 Summary:       Configuration files for unlocking and mounting encrypted SD-cards automatically
-Version:       1.7.0
+Version:       1.7.1
 # Since v1.3.1, the release version consists of two or three fields, separated by a dot ("."):
 # - The first field must contain a natural number greater than zero.
 #   This number may be prefixed by one of {alpha,beta,stable}, e.g. "alpha13".

From b3a51e6de686ea7545bf6549100a3f54ea6ec1cd Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 04:06:51 +0200
Subject: [PATCH 02/15] Also test an empty "key" file positive

PROGRAM=="grep .* /etc/..." -> TEST="/etc/..."
Now also tests an empty file positive, which was originally not intended, but is now reconsidered as an use case.
---
 udev/rules.d/96-cryptosd.rules | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index 8590a1a7..573fd11e 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -35,15 +35,15 @@ KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_ME
 
 
 # For DM-Crypt LUKS, match ENV{ID_FS_TYPE}=="crypto_LUKS"
-ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", PROGRAM=="/bin/grep -q .* /etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
+ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
 ENV{CRYPTOSD_TYPE}=="LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_luks_dev-%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop %c"
 
 # For DM-Crypt "plain", ensure (by ENV{ID_*}!="?*" statements) that it appears to be unused space
 # Two rules, one for partitions and a tighter one for whole disks:
-ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", PROGRAM=="/bin/grep -q .* /etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
-ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", PROGRAM=="/bin/grep -q .* /etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
+ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
+ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
 ENV{CRYPTOSD_TYPE}=="PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_plain_dev-%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'cryptosd-plain@%k.service'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop cryptosd-plain@%k.service"

From c0b674b4b58fafbef81f2725b08c4572dbcadc01 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 04:22:38 +0200
Subject: [PATCH 03/15] Also test an empty "key" file positive

Also test an empty file positive, which was originally not intended, but is now reconsidered as a valid use case.
`AssertFileNotEmpty=/etc/crypto-sdcard/crypto_luks_%I.key`
->
`ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_luks_%I.key`
`ConditionPathExists=/etc/crypto-sdcard/crypto_luks_%I.key`
---
 systemd/system/cryptosd-luks@.service | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service
index baf34855..91c6fd78 100644
--- a/systemd/system/cryptosd-luks@.service
+++ b/systemd/system/cryptosd-luks@.service
@@ -7,7 +7,8 @@ Requisite=dev-disk-by\x2duuid-%i.device
 PartOf=mount-cryptosd-luks@%i.service cryptsetup.target
 Conflicts=umount.target shutdown.target actdead.target factory-test.target
 Before=umount.target shutdown.target mount-cryptosd-luks@%i.service
-AssertFileNotEmpty=/etc/crypto-sdcard/crypto_luks_%I.key
+ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_luks_%I.key
+ConditionPathExists=/etc/crypto-sdcard/crypto_luks_%I.key
 
 [Service]
 Type=oneshot

From e20b84743a92fe1802e9f399559b55940a58aeb5 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 04:22:44 +0200
Subject: [PATCH 04/15] Also test an empty "key" file positive

Also test an empty file positive, which was originally not intended, but is now reconsidered as a valid use case.
`AssertFileNotEmpty=/etc/crypto-sdcard/crypto_luks_%I.key`
->
`ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_luks_%I.key`
`ConditionPathExists=/etc/crypto-sdcard/crypto_luks_%I.key`
---
 systemd/system/cryptosd-plain@.service | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service
index 105fb9ec..017442e0 100644
--- a/systemd/system/cryptosd-plain@.service
+++ b/systemd/system/cryptosd-plain@.service
@@ -7,7 +7,8 @@ Requisite=dev-%i.device
 PartOf=mount-cryptosd-plain@%i.service cryptsetup.target
 Conflicts=umount.target shutdown.target actdead.target factory-test.target
 Before=umount.target shutdown.target mount-cryptosd-plain@%i.service
-AssertFileNotEmpty=/etc/crypto-sdcard/crypto_plain_%I.key
+ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_plain_%I.key
+ConditionPathExists=/etc/crypto-sdcard/crypto_plain_%I.key
 
 [Service]
 Type=oneshot

From 4045705c9f0d5a047354366cec25a5a3a246e928 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 04:26:24 +0200
Subject: [PATCH 05/15] Update cryptosd-plain@.service

---
 systemd/system/cryptosd-plain@.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service
index 017442e0..fa4f74d9 100644
--- a/systemd/system/cryptosd-plain@.service
+++ b/systemd/system/cryptosd-plain@.service
@@ -7,8 +7,8 @@ Requisite=dev-%i.device
 PartOf=mount-cryptosd-plain@%i.service cryptsetup.target
 Conflicts=umount.target shutdown.target actdead.target factory-test.target
 Before=umount.target shutdown.target mount-cryptosd-plain@%i.service
-ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_plain_%I.key
-ConditionPathExists=/etc/crypto-sdcard/crypto_plain_%I.key
+AssertPathIsDirectory=!/etc/crypto-sdcard/crypto_plain_%I.key
+AssertPathExists=/etc/crypto-sdcard/crypto_plain_%I.key
 
 [Service]
 Type=oneshot

From 31254448567a8b82f6682c13ed953f5670f0142c Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 04:26:56 +0200
Subject: [PATCH 06/15] Update cryptosd-luks@.service

---
 systemd/system/cryptosd-luks@.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service
index 91c6fd78..8544efe1 100644
--- a/systemd/system/cryptosd-luks@.service
+++ b/systemd/system/cryptosd-luks@.service
@@ -7,8 +7,8 @@ Requisite=dev-disk-by\x2duuid-%i.device
 PartOf=mount-cryptosd-luks@%i.service cryptsetup.target
 Conflicts=umount.target shutdown.target actdead.target factory-test.target
 Before=umount.target shutdown.target mount-cryptosd-luks@%i.service
-ConditionPathIsDirectory=!/etc/crypto-sdcard/crypto_luks_%I.key
-ConditionPathExists=/etc/crypto-sdcard/crypto_luks_%I.key
+AssertPathIsDirectory=!/etc/crypto-sdcard/crypto_luks_%I.key
+AssertPathExists=/etc/crypto-sdcard/crypto_luks_%I.key
 
 [Service]
 Type=oneshot

From 0a02996cf85b9f7ff4c024531c35b2c25eaa2362 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 05:51:00 +0200
Subject: [PATCH 07/15] Every udev rule shall depend on an ACTION==

---
 udev/rules.d/96-cryptosd.rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index 573fd11e..cf6e2231 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -36,7 +36,7 @@ KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_ME
 
 # For DM-Crypt LUKS, match ENV{ID_FS_TYPE}=="crypto_LUKS"
 ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
-ENV{CRYPTOSD_TYPE}=="LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_luks_dev-%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'"
+ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_luks_dev-%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop %c"
 
@@ -44,7 +44,7 @@ ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{
 # Two rules, one for partitions and a tighter one for whole disks:
 ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
 ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
-ENV{CRYPTOSD_TYPE}=="PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_plain_dev-%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'cryptosd-plain@%k.service'"
+ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_plain_dev-%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'cryptosd-plain@%k.service'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop cryptosd-plain@%k.service"
 

From 3e115d721f0fa4d9e84012f5c4e2d676c9c86f26 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 06:08:44 +0200
Subject: [PATCH 08/15] Update mount-cryptosd-luks@.service

---
 systemd/system/mount-cryptosd-luks@.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service
index 57fc45c2..18608bc1 100644
--- a/systemd/system/mount-cryptosd-luks@.service
+++ b/systemd/system/mount-cryptosd-luks@.service
@@ -23,5 +23,5 @@ EnvironmentFile=-/etc/crypto-sdcard/cryptosd.conf
 EnvironmentFile=-/etc/crypto-sdcard/cryptosd@%I.conf
 ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I
 ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I
-ExecStopPost=/bin/umount -vrq /dev/mapper/%I
+ExecStopPost=-/bin/umount -vrq /dev/mapper/%I
 

From c7c7bcf9b0d4239508387a8ef03c64744aaeb415 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 06:09:09 +0200
Subject: [PATCH 09/15] Update mount-cryptosd-plain@.service

---
 systemd/system/mount-cryptosd-plain@.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service
index d851a05d..98605a06 100644
--- a/systemd/system/mount-cryptosd-plain@.service
+++ b/systemd/system/mount-cryptosd-plain@.service
@@ -23,5 +23,5 @@ EnvironmentFile=-/etc/crypto-sdcard/cryptosd.conf
 EnvironmentFile=-/etc/crypto-sdcard/cryptosd@%I.conf
 ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I
 ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I
-ExecStopPost=/bin/umount -vrq /dev/mapper/%I
+ExecStopPost=-/bin/umount -vrq /dev/mapper/%I
 

From d2ca33b824db03c35f1cf3b5e51019b54a73b24f Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 06:15:32 +0200
Subject: [PATCH 10/15] Update cryptosd-plain@.service

---
 systemd/system/cryptosd-plain@.service | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service
index fa4f74d9..3de3871e 100644
--- a/systemd/system/cryptosd-plain@.service
+++ b/systemd/system/cryptosd-plain@.service
@@ -24,20 +24,6 @@ StandardInput=file:/etc/crypto-sdcard/crypto_plain_%I.key
 StandardOutput=journal
 # "udisksctl unlock --key-file" does only work with LUKS "containers", not with "plain" ones,
 # thus call cryptsetup directly:
-ExecStart=/usr/sbin/cryptsetup -d - -o ${CRYPTO_PLAIN_OFFSET} -h ${CRYPTO_PLAIN_PASSPHRASE_HASH} -s ${CRYPTO_PLAIN_KEYLENGTH} -c ${CRYPTO_PLAIN_CIPHER} --allow-discards --type plain open /dev/%I %I ; /bin/sleep 1
-# "udisksctl mount" (in mount-cryptosd-luks@.service) sometimes fails when issued right after
-# this unit (instance) and "udisksd" (per "udisks2.service") have finished starting, because
-# the udisks object for this unlocked device has not been created yet.
-# Hence one might give udisksd a second to recognise the fresh device, before starting units
-# dependent on this unit instance and "udisks2.service" / "udisksd".  Side note: Letting
-# dependent units sleep for a second by an "ExecStartPre=/bin/sleep 1" in them would
-# unnecessarily waste this second most of the time; that is avoided this way.
-# Note that using ExecStartPost= for this is futile (as irrelevant for dependencies, see
-# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= ), but (only)
-# units of the Type=oneshot may use multiple ExecStart= lines (which are *started
-# concurrently*, but the last one is displayed as "main process") and / or commands in an
-# ExecStart= line.  Side note: For non-oneshot units a solution is to move the ExecStart=
-# command to ExecStartPre= (that is *functionally equivalent*, but again displays the
-# ExecStart= command as "main process") and use ExecStart=/bin/sleep 1
+ExecStart=/usr/sbin/cryptsetup -d - -o ${CRYPTO_PLAIN_OFFSET} -h ${CRYPTO_PLAIN_PASSPHRASE_HASH} -s ${CRYPTO_PLAIN_KEYLENGTH} -c ${CRYPTO_PLAIN_CIPHER} --allow-discards --type plain open /dev/%I %I
 ExecStop=/usr/sbin/cryptsetup close %I
 

From 9dfc525a39c55c665f1966969a9a6b8422e62972 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Mon, 12 Apr 2021 06:16:39 +0200
Subject: [PATCH 11/15] Update cryptosd-luks@.service

---
 systemd/system/cryptosd-luks@.service | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service
index 8544efe1..a09b1894 100644
--- a/systemd/system/cryptosd-luks@.service
+++ b/systemd/system/cryptosd-luks@.service
@@ -18,20 +18,6 @@ RemainAfterExit=yes
 # ExecStartPre=/sbin/modprobe qcrypto
 # For various reasons (avoid (temporal) dependency on udisks2, allow for discards etc.), do
 # not use "udisksctl unlock --key-file", instead call cryptsetup directly:
-ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/crypto_luks_%I.key luksOpen /dev/disk/by-uuid/%I %I ; /bin/sleep 1
-# "udisksctl mount" (in mount-cryptosd-luks@.service) sometimes fails when issued right after
-# "udisksd" (per "udisks2.service") has finished starting, because the udisks object for this
-# unlocked device has not been created yet.
-# Hence one might give udisksd a second to recognise the fresh device, before starting units
-# dependent on this unit instance and "udisks2.service" / "udisksd".  Side note: Letting
-# dependent units sleep for a second by an "ExecStartPre=/bin/sleep 1" in them would
-# unnecessarily waste this second most of the time; that is avoided this way.
-# Note that using ExecStartPost= for this is futile (as irrelevant for dependencies, see
-# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= ), but (only)
-# units of the Type=oneshot may use multiple ExecStart= lines (which are *started
-# concurrently*, but the last one is displayed as "main process") and / or commands in an
-# ExecStart= line.  Side note: For non-oneshot units a solution is to move the ExecStart=
-# command to ExecStartPre= (that is *functionally equivalent*, but again displays the
-# ExecStart= command as "main process") and use ExecStart=/bin/sleep 1
+ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/crypto_luks_%I.key luksOpen /dev/disk/by-uuid/%I %I
 ExecStop=/usr/sbin/cryptsetup close %I
 

From cdd286e752628ebbc6f402dd559a98b1b1f07c0c Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Tue, 20 Apr 2021 03:14:21 +0200
Subject: [PATCH 12/15] Update 96-cryptosd.rules

---
 udev/rules.d/96-cryptosd.rules | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index cf6e2231..956aa2ff 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -1,17 +1,18 @@
 # Since crypto-sdcard 1.6.1, it adheres to the nomenclature used in other udev rules:
-# - KERNEL=="sd*[!0-9]|sr*", ENV{DEVTYPE}=="disk" for all USB-attached (OTG) storage *devices*
-# - KERNEL=="sd*[0-9]|sr*", ENV{DEVTYPE}=="partition" for all partitions on USB-attached storage devices
-# - KERNEL=="sd*|sr*" for both
+# - SUBSYSTEMS=="usb", KERNEL=="sd*[!0-9]|sr*", ENV{DEVTYPE}=="disk" for all USB-attached (OTG) storage *devices*
+# - SUBSYSTEMS=="usb", KERNEL=="sd*[0-9]|sr*", ENV{DEVTYPE}=="partition" for all partitions on USB-attached storage devices
+# - SUBSYSTEMS=="usb", KERNEL=="sd*|sr*" for both
 # - KERNEL=="mmcblk[1-9]" (the test ENV{DEVTYPE}=="disk" can be omitted) for the card in the internal slot and all external (USB-attached) SD-cards and MMCs (e.g., in readers).
 # - KERNEL=="mmcblk[1-9]p[0-9]" (the test ENV{DEVTYPE}=="partition" can be omitted) for all partitions on the card in the internal slot and on all external SD-cards and MMCs.  Side note: mmcblk[0-9]boot[0-9] are (e)MMC's special devices ("RPMB").
 # - KERNEL=="mmcblk[1-9]*" for both
-# - KERNEL=="mmcblk[1-9]*|sd*|sr*", SUBSYSTEMS=="usb" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
+# - SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
 # Reference: /usr/lib/udev/rules.d/60-persistent-storage.rules
 # 
-# Is something like KERNEL=="mmcblk[1-9]*|sd*|sr*", SUBSYSTEMS=="usb", ATTR{removable}="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?
+# Is something like SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*", ATTR{removable}="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?  Yes!
 
 SUBSYSTEM!="block", GOTO="cryptosd_mount_end"
-KERNEL!="mmcblk[1-9]*|sd*|sr*", GOTO="cryptosd_open_end"
+SUBSYSTEMS!="usb", KERNEL!="mmcblk[0-9]*|sd*|sr*", GOTO="cryptosd_open_end"
+KERNEL!="mmcblk[1-9]*", GOTO="cryptosd_open_end"
 
 # Ignore the additions / changes by Jolla per
 # https://git.sailfishos.org/mer-core/udisks2/blob/master/rpm/0005-Add-udev-rule-for-the-sda-drives.patch
@@ -24,16 +25,6 @@ KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_ME
 # ToDo: Set UDISKS_CAN_POWER_OFF for all suitable devices dealt with, here:
 #ENV{DEVTYPE}=="disk", ATTR{power/control}=="on", ENV{UDISKS_CAN_POWER_OFF}="1"
 
-# ToDo: Use a test for ATA-Discard / -"Trim" to unlock appropriately:
-# See for details https://github.com/Olf0/crypto-sdcard/wiki/ToDo#starting-points-for-that
-# ATTR{discard_alignment}!="0", ...
-# ATTR{device/queue/discard_granularity}!="0", ...
-# ATTR{device/discard_alignment}!="0", ...
-# ATTRS{discard_alignment}!="0", ...
-# ATTRS{queue/discard_granularity}!="0", ...
-# or IMPORT{parent}="...", IMPORT{db}="...", 
-
-
 # For DM-Crypt LUKS, match ENV{ID_FS_TYPE}=="crypto_LUKS"
 ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
 ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_luks_dev-%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'"

From 1c9898023ef33ce4e722f269d388e2b904dc91b6 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Tue, 20 Apr 2021 03:48:41 +0200
Subject: [PATCH 13/15] Update 96-cryptosd.rules

---
 udev/rules.d/96-cryptosd.rules | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index 956aa2ff..e2272bcb 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -12,29 +12,31 @@
 
 SUBSYSTEM!="block", GOTO="cryptosd_mount_end"
 SUBSYSTEMS!="usb", KERNEL!="mmcblk[0-9]*|sd*|sr*", GOTO="cryptosd_open_end"
-KERNEL!="mmcblk[1-9]*", GOTO="cryptosd_open_end"
+# Note that this means: If NOT (SUBSYSTEMS=="usb" OR KERNEL=="mmcblk[0-9]*|sd*|sr*"), then GOTO.
 
 # Ignore the additions / changes by Jolla per
 # https://git.sailfishos.org/mer-core/udisks2/blob/master/rpm/0005-Add-udev-rule-for-the-sda-drives.patch
 # by setting these anew / clobbering these for *all suitable* devices.
 KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="disk", ENV{MMC_TYPE}!="?*", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
-KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
-# ToDo: Only set that for storage, which is not "rotational", but also for SATA-RAIDs; check, if ATTR{queue/rotational} works!?!
-#KERNEL=="sd*|sr*", ENV{DEVTYPE}=="disk", ATTR{queue/rotational}=="0", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="disk", ATTR{queue/rotational}=="0", ENV{MMC_TYPE}!="?*", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
 
-# ToDo: Set UDISKS_CAN_POWER_OFF for all suitable devices dealt with, here:
-#ENV{DEVTYPE}=="disk", ATTR{power/control}=="on", ENV{UDISKS_CAN_POWER_OFF}="1"
+# Set UDISKS_CAN_POWER_OFF for all suitable devices dealt with, here
+KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="disk", ATTR{power/control}=="?*", ATTR{power/control}="on", ENV{UDISKS_CAN_POWER_OFF}="1"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="disk", ATTR{power/control}=="?*", ATTR{power/control}="on", ENV{UDISKS_CAN_POWER_OFF}="1"
 
 # For DM-Crypt LUKS, match ENV{ID_FS_TYPE}=="crypto_LUKS"
-ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
+KERNEL=="mmcblk[1-9]*", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"
 ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_luks_dev-%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop %c"
 
 # For DM-Crypt "plain", ensure (by ENV{ID_*}!="?*" statements) that it appears to be unused space
 # Two rules, one for partitions and a tighter one for whole disks:
-ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
-ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
+KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{UDISKS_PARTITIONABLE}="0", ENV{CRYPTOSD_TYPE}="PLAIN"
+KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_plain_%k.key", ENV{CRYPTOSD_TYPE}="PLAIN"
 ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="cryptosd_plain_dev-%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'cryptosd-plain@%k.service'"
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop cryptosd-plain@%k.service"
@@ -49,7 +51,7 @@ ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="
 ENV{CRYPTOSD_TYPE}=="mount-LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-removed", ENV{UDISKS_NAME}="mount_cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", RUN{program}+="/usr/bin/systemctl stop %c"
 
 # Ditto for DM-Crypt "plain"
-ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="mmcblk[1-9]*|sd*|sr*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_cryptosd_plain_%E{DM_NAME}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'mount-cryptosd-plain@%E{DM_NAME}.service'"
+ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="mmcblk[0-9]*|sd*|sr*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_cryptosd_plain_%E{DM_NAME}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'mount-cryptosd-plain@%E{DM_NAME}.service'"
 ENV{CRYPTOSD_TYPE}=="mount-PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-removed", ENV{UDISKS_NAME}="mount_cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop mount-cryptosd-plain@%E{DM_NAME}.service"
 
 LABEL="cryptosd_mount_end"

From 483f3928361db1a51cb1cebc80673ec84b1f2224 Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Tue, 20 Apr 2021 03:55:06 +0200
Subject: [PATCH 14/15] Update 96-cryptosd.rules

---
 udev/rules.d/96-cryptosd.rules | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index e2272bcb..3591e2ac 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -8,10 +8,11 @@
 # - SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
 # Reference: /usr/lib/udev/rules.d/60-persistent-storage.rules
 # 
-# Is something like SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*", ATTR{removable}="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?  Yes!
+# Q: Is something like SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*", ATTR{removable}="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?
+# A: Yes.
 
-SUBSYSTEM!="block", GOTO="cryptosd_mount_end"
-SUBSYSTEMS!="usb", KERNEL!="mmcblk[0-9]*|sd*|sr*", GOTO="cryptosd_open_end"
+SUBSYSTEM!="block", GOTO="cryptosd_end"
+#SUBSYSTEMS!="usb", KERNEL!="mmcblk[0-9]*|sd*|sr*", GOTO="cryptosd_open_end"
 # Note that this means: If NOT (SUBSYSTEMS=="usb" OR KERNEL=="mmcblk[0-9]*|sd*|sr*"), then GOTO.
 
 # Ignore the additions / changes by Jolla per
@@ -41,10 +42,10 @@ ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="add|change", ENV{UDISKS_SYSTEM}="0", ENV{U
 # When above detected and assigned devices are removed
 ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop cryptosd-plain@%k.service"
 
-LABEL="cryptosd_open_end"
+#LABEL="cryptosd_open_end"
 
 
-KERNEL!="dm-[0-9]*", GOTO="cryptosd_mount_end"
+KERNEL!="dm-[0-9]*", GOTO="cryptosd_end"
 
 # Carefully match resulting virtual node dm-[0-9]* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details
 ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="????????-????-????-????-????????????|????-????", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_cryptosd_luks_%E{DM_NAME}", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="'%c'"
@@ -54,5 +55,5 @@ ENV{CRYPTOSD_TYPE}=="mount-LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-re
 ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="mmcblk[0-9]*|sd*|sr*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_cryptosd_plain_%E{DM_NAME}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'mount-cryptosd-plain@%E{DM_NAME}.service'"
 ENV{CRYPTOSD_TYPE}=="mount-PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-removed", ENV{UDISKS_NAME}="mount_cryptosd_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/usr/bin/systemctl stop mount-cryptosd-plain@%E{DM_NAME}.service"
 
-LABEL="cryptosd_mount_end"
+LABEL="cryptosd_end"
 

From 3cc28afd06a0df67ecaf199c955252c2c5889efc Mon Sep 17 00:00:00 2001
From: olf <Olf0@users.noreply.github.com>
Date: Tue, 20 Apr 2021 04:22:19 +0200
Subject: [PATCH 15/15] Update 96-cryptosd.rules

---
 udev/rules.d/96-cryptosd.rules | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules
index 3591e2ac..35777c9d 100644
--- a/udev/rules.d/96-cryptosd.rules
+++ b/udev/rules.d/96-cryptosd.rules
@@ -8,8 +8,8 @@
 # - SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
 # Reference: /usr/lib/udev/rules.d/60-persistent-storage.rules
 # 
-# Q: Is something like SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*", ATTR{removable}="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?
-# A: Yes.
+# Q: Is something like SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*", ATTRS{removable}=="1" possible and reasonable (means only "removable *media*"?) ?  Or without restricting it to USB-attached devices / partitions?
+# A: Yes, but potential side effects are still evaluated.
 
 SUBSYSTEM!="block", GOTO="cryptosd_end"
 #SUBSYSTEMS!="usb", KERNEL!="mmcblk[0-9]*|sd*|sr*", GOTO="cryptosd_open_end"
@@ -21,9 +21,11 @@ SUBSYSTEM!="block", GOTO="cryptosd_end"
 KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="disk", ENV{MMC_TYPE}!="?*", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
 SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="disk", ATTR{queue/rotational}=="0", ENV{MMC_TYPE}!="?*", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1"
 
-# Set UDISKS_CAN_POWER_OFF for all suitable devices dealt with, here
-KERNEL=="mmcblk[1-9]*", ENV{DEVTYPE}=="disk", ATTR{power/control}=="?*", ATTR{power/control}="on", ENV{UDISKS_CAN_POWER_OFF}="1"
-SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ENV{DEVTYPE}=="disk", ATTR{power/control}=="?*", ATTR{power/control}="on", ENV{UDISKS_CAN_POWER_OFF}="1"
+# Set power control / UDISKS_CAN_POWER_OFF for all devices dealt with, here: This is also supported for partitions, not only disks!?!
+# KERNEL=="mmcblk[1-9]*", ATTR{power/control}=="off", ATTR{power/control}="auto"
+# SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ATTR{power/control}=="off", ATTR{power/control}="auto"
+KERNEL=="mmcblk[1-9]*", ATTR{power/control}=="on", ENV{UDISKS_CAN_POWER_OFF}="1"
+SUBSYSTEMS=="usb", KERNEL=="mmcblk0*|sd*|sr*", ATTR{power/control}=="on", ENV{UDISKS_CAN_POWER_OFF}="1"
 
 # For DM-Crypt LUKS, match ENV{ID_FS_TYPE}=="crypto_LUKS"
 KERNEL=="mmcblk[1-9]*", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", TEST=="/etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}.key", ENV{CRYPTOSD_TYPE}="LUKS"