Bug#618862: systemd: ignores keyscript in crypttab
Rick Thomas
rbthomas at pobox.com
Fri Oct 16 17:28:54 BST 2015
On Oct 16, 2015, at 9:20 AM, Marcello Barnaba <vjt at openssl.it> wrote:
>
>>> Workaround: add "luks=no" to the kernel command line to disable systemd's generator: http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
>
>> Does this work for encrypted root as well? Or is it only for things like swap and /home that can wait until after switching out of initramdisk?
>> If it works for encrypted root, this is genuinely good news!
>
> Yes. I'm using passdev in initramfs at the scripts/local-top
> stage as per cryptsetup docs to mount an encrypted root,
> unlocking it via a keyfile located on an USB key.
>
> /etc/crypttab:
>
> # dev source keyfile opts
> root /dev/sda2 /dev/disk/by-label/keys:/rootkey luks,keyscript=passdev
>
> Then, update-initramfs -u
>
> /dev/sda2 set up using cryptsetup luksFormat. No LVM.
> Working on current Kali Linux, based on Jessie/sid.
> Sorry I don't have version numbers at hand.
>
> HTH, YMMV! :)
>
> ~Marcello
Woo Hoo! I can’t wait to test it! (-: (-: (-:
More information about the Pkg-systemd-maintainers
mailing list