On 4 Feb 2018 02:39 +0100, from 21naown@xxxxxxxxx: > I would like to open a LUKS container (which is the OS Debian) > through GRUB, but with the header stored in a USB key for example. > Through the file crypttab > (https://manpages.debian.org/stretch/cryptsetup/crypttab.5.en.html), > it seems possible to specify the path of the header, but I have > different failures and I do not know where the problem is. /etc/crypttab is a Debian-ism, not something understood or used natively by LUKS. The system startup scripts then parse that file and translate it into various LUKS-related commands. And of course, if you're storing your crypttab in the encrypted container, you can't read it before you have unlocked the container and mounted the file system therein, but you'd need to read the crypttab to unlock the container; an obvious catch-22 situation. The normal approach for using an encrypted root partition is to have a small, unencrypted /boot which stores the kernel, an initrd, the boot loader, and a few other odds and ends to get the system booted far enough that it can unlock the LUKS container and proceed from there. Is there some particular reason why you don't want to do it that way? If you tell us _why_ you're going down this route, we might be able to suggest a solution that would actually _work_... -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “The most dangerous thought that you can have as a creative person is to think you know what you’re doing.” (Bret Victor) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
