I have a fresh Debian Stretch install and I am trying to modify the boot process.
This is what I have in mind.
There are three options for booting:
- 1. As a regular user (standard)
2. As an administrator
3. Password based
The resulting boot process should be as follows for the different options:
- 1. The initramfs image should read a specific usb-device which has a key on it to unlock the encrypted devices and should login as the user which is set on the usb-device.
2. The initramfs image should read the administrator usb-device and get the administrator skeleton-key to unlock all encrypted devices and login as administrator.
3. This is a backup in case 1 and 2 fail s.t. you can unlock the encrypted devices by typing in a passphrase.
If you have a different solution feel free to let me know, however I am also interested in getting my option to work for my learning curve.
The next step is to automate the proces based on the (un)inserted specific usb-device.
In /boot I have three different images name: vmlinuz-4.9.0-4-686-pae(-pw / -user / -admin) and initrd.img-4.9.0-4-686-pae(-pw / -user / -admin).
I am trying to edit /etc/grub.d/40_custom for the menu entries, but cannot get it to work.