I am trying to decrypt a root partition which is spread over two disks through LVM, using a key for the second drive. If I decrypt the disks manually the system boots properly, but with the key I can't because I didn't enable it properly. So far I saw that since systemd the old Debian script won't work anymore, hence the only viable solution I found is creating a hook (I hope):
Unfortunately I didn't understand what I should do exactly.
zless /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz
12. Storing keyfiles directly in the initrd
-------------------------------------------
Normally devices using a keyfile are ignored (with a loud warning), and
the key file itself is not included in the initrd, because the initramfs
image typically lives on an unencrypted `/boot` partition. However in
some cases it is desirable to include the key file in the initrd; for
instance recent versions of GRUB support booting from encrypted block
devices, allowing an encrypted `/boot` partition.

Among the key files listed in the crypttab(5), those matching the value
of the environment variable KEYFILE_PATTERN (interpreted as a shell
pattern) will be included in the initramfs image. For instance if
`/etc/crypttab` lists two key files `/etc/keys/{root,swap}.key`, you can
add the following to `/etc/cryptsetup-initramfs/conf-hook` to add them to
the initrd.

    KEYFILE_PATTERN="/etc/keys/*.key"

Furthermore if the initramfs image is to include private key material,
you'll want to create it with a restrictive umask in order to keep
non-privileged users at bay. This can be achieved by adding the
following to `/etc/initramfs-tools/initramfs.conf`.

    UMASK=0077

I created a file inside the folder: /etc/cryptsetup-initramfs/conf-hook
crytpdata
KEYFILE_PATTERN="/root/*.keyfile"
Probably I misunderstood the documentation.
Can anyone help me?
Thanks!
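
Added example (not part of the original post or of the README): a shell check that lists which key files in a crypttab a given KEYFILE_PATTERN would select, and reads back the UMASK set in an initramfs.conf. The function names and the sample crypttab are constructed, and matching with `case` is an assumption based on the README's wording "interpreted as a shell pattern", not the hook's own code.

```shell
#!/bin/sh
# Added example: which crypttab key files would KEYFILE_PATTERN select?

# keyfiles_matching CRYPTTAB PATTERN
# Print each key file (3rd crypttab field) that matches PATTERN.
keyfiles_matching() {
    while read -r name _dev key opts; do
        case $name in ''|'#'*) continue ;; esac           # blank line or comment
        case $key in ''|none|-) continue ;; esac          # passphrase prompt, no key file
        case ",$opts," in *,keyscript=*) continue ;; esac # 3rd field is a script argument
        # $2 is deliberately unquoted so it is matched as a shell pattern
        case $key in
            $2) printf '%s\n' "$key" ;;
        esac
    done < "$1"
}

# configured_umask CONF: print the last UMASK= value assigned in CONF.
configured_umask() {
    sed -n 's/^[[:space:]]*UMASK=\([0-7][0-7]*\).*/\1/p' "$1" | tail -n 1
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample crypttab; targets, UUIDs and devices are placeholders.
    cat > "$dir/crypttab" <<'EOF'
# <target> <source device> <key file> <options>
disk1_crypt UUID=00000000-0000-0000-0000-000000000001 none luks
disk2_crypt UUID=00000000-0000-0000-0000-000000000002 /root/disk2.keyfile luks
swap_crypt  /dev/sdz9 /dev/urandom swap
EOF
    printf 'UMASK=0077\n' > "$dir/initramfs.conf"

    echo "matched by /root/*.keyfile:"
    keyfiles_matching "$dir/crypttab" '/root/*.keyfile'
    echo "matched by /etc/keys/*.key:"
    keyfiles_matching "$dir/crypttab" '/etc/keys/*.key'
    echo "UMASK in initramfs.conf: $(configured_umask "$dir/initramfs.conf")"
    rm -rf "$dir"
}

demo
```

On a real system the inputs are `/etc/crypttab`, the file `/etc/cryptsetup-initramfs/conf-hook` and `/etc/initramfs-tools/initramfs.conf`, and the image has to be regenerated with `update-initramfs -u` before a change takes effect.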