[SOLVED] INITRAMFS + HOOK, help...

Kernels & Hardware, configuring network, installing services

[SOLVED] INITRAMFS + HOOK, help...

Postby Danielsan » 2019-07-12 15:12

Hi There,

I am trying to decrypt a root a partition which is spread on two disks through LVM using a key for the second drive. If I decrypt the disks manually the system is properly boot but with the key I can't because I didn't enable it properly. So far I saw since systemd the old debian script won't work anymore hence the only solution viable I found is creating hook (I hope):

Code: Select all
zless /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz


12. Storing keyfiles directly in the initrd
-------------------------------------------

Normally devices using a keyfile are ignored (with a loud warning), and
the key file itself is not included in the initrd, because the initramfs
image typically lives on an unencrypted `/boot` partition. However in
some cases it is desirable to include the key file in the initrd; for
instance recent versions of GRUB support booting from encrypted block
devices, allowing an encrypted `/boot` partition.

Among the key files listed in the crypttab(5), those matching the value
of the environment variable KEYFILE_PATTERN (interpreted as a shell
pattern) will be included in the initramfs image. For instance if
`/etc/crypttab` lists two key files `/etc/keys/{root,swap}.key`, you can
add the following to `/etc/cryptsetup-initramfs/conf-hook` to add them to
the initrd.

KEYFILE_PATTERN="/etc/keys/*.key"

Furthermore if the initramfs image is to include private key material,
you'll want to create it with a restrictive umask in order to keep
non-privileged users at bay. This can be achieved by adding the
following to `/etc/initramfs-tools/initramfs.conf`.

UMASK=0077


Unfortunaly I didn't understand what I should do exactly.

I created a file inside the folder: /etc/cryptsetup-initramfs/conf-hook

Code: Select all
crytpdata


and I simply wrote:

Code: Select all
KEYFILE_PATTERN="/root/*.keyfile"


I added the key on the crypttab and updated the initiramfs, but nothing happened.
Probably I misunderstood the documentation. :(

Can anyone help me?

Thanks!
Last edited by Danielsan on 2019-07-17 20:44, edited 1 time in total.
User avatar
Danielsan
 
Posts: 541
Joined: 2010-10-10 22:36

Re: INITRAMFS + HOOK, help to understand the documentation

Postby Danielsan » 2019-07-12 20:26

I found my issue I was been hours working on

Code: Select all
/etc/initramfs-tools/hooks


convinced that was:

Code: Select all
 /etc/cryptsetup-initramfs/conf-hook


Oh man... :shock:
User avatar
Danielsan
 
Posts: 541
Joined: 2010-10-10 22:36

Re: [SOLVED] INITRAMFS + HOOK, help...

Postby Danielsan » 2019-07-17 20:44

I want just confirm that it works.
User avatar
Danielsan
 
Posts: 541
Joined: 2010-10-10 22:36


Return to System configuration

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable