Hello, I was wondering if it possible to embed a luks-key inside the initramfs? Several other initramfs solutions such as Debian's initramfs-tools and Arch's mkinitcpio both allow this. However, I was unable to find the way to do this in dracut. For reference, in Debian: --- you have a key /etc/luks-keys/mykey nano /etc/cryptsetup-initramfs/conf-hook KEYFILE_PATTERN="/etc/luks-keys/mykey" save and exit nano /etc/initramfs-tools/initramfs.conf add this UMASK=0077 (to make the key secure in initrd against regular users) nano /etc/crypttab cryptolvm /dev/sda2 /etc/luks-keys/mykey luks,discard update-initramfs -k all -u --- For reference, in Arch Linux: --- mkdir -m 000 /etc/luks-keys dd if=/dev/random of=/etc/luks-keys/mykey bs=1 count=512 FILES="/etc/luks-keys/mykey" on /etc/mkinitcpio.conf mkinitcpio -p linux "cryptkey=rootfs:/etc/luks-keys/home" on grub kernel line (nano /etc/default/grub) cryptsetup luksAddKey /dev/sda2 /etc/luks-keys/mykey --- Please advise. Thank you. - dat_boi -- To unsubscribe from this list: send the line "unsubscribe initramfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
