Guys, please, help.
I have a LUKS device with LVM on it. I unlock that with a passphrase every time I boot but since it's quite uncomfortable I decided to start using a keyfile. However, nothing I do works.
I created a keyfile with
dd if=/dev/urandom of=/boot/key.luks bs=4096 count=1
as Alien Bob suggested here
and stored it to my /boot partition on /dev/sda2 with ext4 (not that it makes any sense, after testing, I'll move it to a usb stick, or similar). Then I added this keyfile to a LUKS header by
cryptsetup -v --key-slot 1 luksAddKey /dev/sda3 /boot/key.luks
and got a confirmation.
Next I ran mkinitrd. I read it's man
and assigned my /dev/sda2 a BOOT label by e2label
. So now it is
mkinitrd -c -k 3.4.33 -m ext4 -f ext4 -r /dev/encrypted/root -h /dev/encrypted/swap -C /dev/sda3 -K LABEL=BOOT:/key.luks -L
The -K option is the only new parameter compared to what I used before.
But it simply doesn't work. During boot I'm still being asked for a password. I googled the web, searched this forum, but found nothing except that what I do should work.
What am I missing?