Hello, I'm trying to configure grub2 to read a keyfile from a usb flash drive in order to decrypt the root partition. The grub2 wiki page specifies that in order to decrypt the root partition, the following should be added in /etc/default/grub: GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root" Also an earlier version of the luks wiki page, that was intended for grub-legacy, mentioned that to decrypt the root partition using a keyfile, the following kernel parameter has to be added: cryptkey=/dev/disk/by-uuid/<uuid>:vfat:/keyfile So I've attempted to add both of these parameters in /etc/default/grub: GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root cryptkey=/dev/disk/by-uuid/3848-EFD5:vfat:/keyfile" I've also added the encrypt hook and vfat module in /etc/mkinitcpio.conf. This is displayed while booting up: :: running early hook [udev] :: running hook [udev] :: Triggering uevents... :: running hook [encrypt] Waiting 10 seconds for device /dev/disk/by-uuid/3848-EFD5 ... Keyfile could not be opened. Reverting to passphrase. The usb flash drive is formated with mkfs.vfat and contains just the keyfile. I would greatly appreciate any advice.
