Encrypted boot disk

alikzn101
Posts: 15
Joined: 2020-10-09 01:06

Encrypted boot disk

#1 Post by alikzn101 »

Hi Guys

Are there any methods to boot from an encrypted boot disk without putting in the password manually? Is there an online option to get the passphrase accepted?

Thanks
Al

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Encrypted boot disk

#2 Post by p.H »

I'm afraid not. From https://www.gnu.org/software/grub/manua ... figuration :
‘GRUB_ENABLE_CRYPTODISK’

If set to ‘y’, grub-mkconfig and grub-install will check for encrypted disks and generate additional commands needed to access them during boot. Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.
Or do you actually mean "mount an encrypted root filesystem" after booting from an unencrypted /boot filesystem?

alikzn101
Posts: 15
Joined: 2020-10-09 01:06

Re: Encrypted boot disk

#3 Post by alikzn101 »

p.H wrote: Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.
So I guess the correct term is unattended boot on an encrypted partition.
I read somewhere that an online service can be called to allow the system to boot, but I cannot find that info anymore.

So how would a customer on a cloud provider boot on an encrypted partition?

sickpig
Posts: 592
Joined: 2019-01-23 10:34
Has thanked: 1 time
Been thanked: 1 time

Re: Encrypted boot disk

#4 Post by sickpig »

You can add the root unlock LUKS key in initramfs by specifying its location in /etc/cryptsetup-initramfs/conf-hook AND then regenerate initramfs.

As far as /boot is concerned, I do not suppose that is encrypted on instances provided in public cloud.

I did not find 'insmod cryptodisk' in grub.cfg on any of my encrypted instances in different public clouds.

edit - Also did not find 'GRUB_ENABLE_CRYPTODISK=y' in /etc/default/grub
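
An added example, not part of the thread and not code from Debian's cryptsetup-initramfs package: a check for the setup described in post #4 that lists which crypttab key files a KEYFILE_PATTERN in /etc/cryptsetup-initramfs/conf-hook would place in the initramfs, and whether UMASK in /etc/initramfs-tools/initramfs.conf keeps the image owner-only. A key embedded this way is readable by anyone who can read the initramfs, which matters when /boot is unencrypted. The sample files, device names and the /etc/keys path are constructed for illustration.

```bash
#!/bin/sh
# Added example: list the key files a Debian cryptsetup-initramfs setup would
# embed via KEYFILE_PATTERN and flag an initramfs that is not owner-only.
# Simplification: every crypttab match is listed; the real hook only embeds
# keys for devices unlocked at initramfs stage.

# Print NAME's value from a shell-style config file (last assignment wins).
conf_value() {  # conf_value NAME FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Print target:keyfile for crypttab entries whose 3rd field matches PATTERN.
embedded_keys() {  # embedded_keys CRYPTTAB PATTERN
    while read -r target source key opts; do
        case "$target" in ''|'#'*) continue ;; esac
        case "$key" in ''|none) continue ;; esac
        case "$key" in $2) printf '%s:%s\n' "$target" "$key" ;; esac
    done < "$1"
}

# Print one finding per line; no output means no key would be embedded.
audit() {  # audit CRYPTTAB CONF_HOOK INITRAMFS_CONF
    pattern=$(conf_value KEYFILE_PATTERN "$2")
    [ -n "$pattern" ] || return 0
    keys=$(embedded_keys "$1" "$pattern")
    [ -n "$keys" ] || return 0
    printf '%s\n' "$keys" | sed 's/^/EMBEDDED /'
    case "$(conf_value UMASK "$3")" in
        0077|077) ;;
        *) echo "INITRAMFS_NOT_OWNER_ONLY: set UMASK=0077 in initramfs.conf" ;;
    esac
}

# Constructed sample files, not taken from any real system.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# <target> <source> <key file> <options>' \
        'root_crypt UUID=00000000-0000-0000-0000-000000000000 /etc/keys/root.key luks' \
        'swap_crypt /dev/sda3 /dev/urandom swap' \
        'data_crypt /dev/sdb1 none luks' > "$d/crypttab"
    echo 'KEYFILE_PATTERN="/etc/keys/*.key"' > "$d/conf-hook"
    echo 'MODULES=most' > "$d/initramfs.conf"
    audit "$d/crypttab" "$d/conf-hook" "$d/initramfs.conf"
    rm -rf "$d"
}
demo
```

On a real system, pass /etc/crypttab, /etc/cryptsetup-initramfs/conf-hook and /etc/initramfs-tools/initramfs.conf to `audit` instead of calling `demo`.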
