Can't unlock LUKS volume with a keyfile during boot
Guys, please, help.
I have a LUKS device with LVM on it. I unlock that with a passphrase every time I boot but since it's quite uncomfortable I decided to start using a keyfile. However, nothing I do works. I created a keyfile with Code:
dd if=/dev/urandom of=/boot/key.luks bs=4096 count=1 Code:
cryptsetup -v --key-slot 1 luksAddKey /dev/sda3 /boot/key.luks Next I ran mkinitrd. I read it's man and assigned my /dev/sda2 a BOOT label by e2label. So now it is Code:
mkinitrd -c -k 3.4.33 -m ext4 -f ext4 -r /dev/encrypted/root -h /dev/encrypted/swap -C /dev/sda3 -K LABEL=BOOT:/key.luks -L But it simply doesn't work. During boot I'm still being asked for a password. I googled the web, searched this forum, but found nothing except that what I do should work. What am I missing? |
Are you the same person as "yenn" in that other thread or is it coïncidence that you're both Czech?
Looking at your explanation, I wonder if you configured /etc/lilo.conf for the use of your initrd.gz and also, it is not clear if you ever ran "lilo" after creating the initrd. Eric |
We are different people, it's just coincidence. Weird one indeed...
My guess is you saved key on ext4 partition and acording to this post (https://www.linuxquestions.org/quest...3/) ext (whatever version) can't be used for that. Mknitrd can only use VFAT partition. Important line is: Quote:
And maybe I could write article about this on SlackDocs ;) |
We are, indeed, two people from CZ :).
Quote:
Quote:
Thank you both guys and sorry for lame question, I should have googled more, obviously. However, it would be nice if mkinitrd man page contained this information. Right now the FAT filesystem is only mentioned as an example, not as a necessity. My regards to USA and back to CZ :D. -natharran |
All times are GMT -5. The time now is 11:27 AM. |