On Thursday 16 October 2008 22:44:08 Dick Middleton wrote: > Bob Williams wrote: > > What else do I need to do to be able to boot my machine, with the USB > > stick inserted, and not have to enter the passphrase in key slot 0 > > manually each time? > > One way is to use a script which runs cryptsetup luksOpen that you run as a > udev run rule. > > This is what I've done: > > udev rule: > SUBSYSTEM=="block" RUN+="/etc/udev/scripts/usbluks.rr OPTIONS="last_rule" > Where do I put that line? I have a directory /etc/udev/rules.d containing 28 scripts. Do I add the line above to one of them or give it a name and add it to the directory? > Script attached. > Many thanks. I've copied the script into /etc/udev/scripts One of the declarations at the beginning of the usbluks.rr script states KEYDIR = /etc/keys but I do not have that file. > It assumes a name for the device based on the device Do you mean a name like a Volume label or /dev/disk/by-id? > - you need another > udev rule if you want to change this. It then looks for a key file in > /etc/keys with the same name. I'm sure you can devise different schemes > to suit. > > Remember that the key file exists on the system so you need to consider the > security implications. > > Note also that you can use any data as a key. You can use random data or, > for example, jpg files. > > Dick -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.11-0.1-default, KDE 4.1.1 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
