24.05.2018 22:05, dat_boi@xxxxxxxxxxx пишет: > Thank you Andrei, this helps some. However, it appears I would need to put > the key on an external USB? With other init systems it is possible to > embed the key completely inside the rootfs so that I only have to type my > passphrase once (At Grub2, unlocking the encrypted /boot). Yes, it works more or less the same. You just need to tell dracut to add key file to initrd. > Once done the > init script calls an embedded lukskey inside the rootfs bypasssing the > need to re-type a second passphrase. > > Arch wiki also describes this method with their init system: > https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Creating_the_keyfiles > > My Google-fu is failing me on how to do this exactly with dracut. > man dracut.conf install_items+=" /path/to/your/key " >> 13.05.2018 07:09, dat_boi@xxxxxxxxxxx пишет: >>> Hello, >>> I was wondering if it possible to embed a luks-key inside the initramfs? >> >> >> Yes, I have done it as proof of concept. >> >> https://forums.opensuse.org/showthread.php/525192-How-to-automatically-unlock-LUKS-encrypted-root-with-a-keyfile-from-a-USB?p=2826976#post2826976 >> > > > -- > To unsubscribe from this list: send the line "unsubscribe initramfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe initramfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
