Gentoo Forums
How to get bootloader to decrypt my FS using keyfile
petan
n00b
Joined: 18 Jan 2016
Posts: 55

Posted: Fri Jan 22, 2016 5:38 pm    Post subject: How to get bootloader to decrypt my FS using keyfile

I followed this guide: https://wiki.gentoo.org/wiki/DM-Crypt_LUKS

It tells you how you can:

* Create a keyfile using gpg
* Encrypt your filesystem using LUKS
* Use dracut to install all tools needed to decrypt into initramfs

That is all cool, but it doesn't mention at all how you can get your initramfs to actually ask you for a password for that keyfile, and in case you provide it, decrypt the filesystem and mount it to proper places.

That is IMHO a fundamental piece of information that is missing there. Any idea?

Let's say my situation now is:

I have sda1 that mounts as /boot and in there I have file /boot/fs.gpg which contains the secret key to decrypt the fs on /dev/sda2

What I need from initrd is to execute:

gpg -qd /boot/fs.gpg | cryptsetup --key-file - luksOpen /dev/sda2 root
mount /dev/mapper/root

But I have no idea how to do that other than modifying the initrd script by hand, which is a nasty workaround, and I would prefer if dracut did this for me somehow, or at least if I could store this "pre-mount" script somewhere and dracut automagically executed it.

Is there any way
petan
n00b
Joined: 18 Jan 2016
Posts: 55

Posted: Fri Jan 22, 2016 7:45 pm

A few hours of googling and I found some info. I would add that to the wiki, but it doesn't work.

There is a kernel parameter rd.luks.key=name:device:luks, for example:

rd.luks.key=key.gpg:/dev/sda1:/dev/sda2

By some miracle the boot loader figures out that it's a gpg key and seems to properly ask for a passphrase; however, it then fails to decrypt the FS with some cryptic message similar to:

No passphrase found to unlock the device


and the initrd hangs. No way to even get to fracking shell.
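Added example (not part of the posts above, and not dracut's own code): a small shell check that splits each rd.luks.key= argument into the name:device:luks fields described in the second post and flags an entry whose key device is the same device it is meant to unlock. The function names and the sample command line are constructed for illustration; device names that themselves contain ":" are not handled.

```shell
#!/bin/sh
# Constructed sample kernel command line, using the value quoted in the post.
SAMPLE_CMDLINE='root=/dev/mapper/root rd.luks.key=key.gpg:/dev/sda1:/dev/sda2 ro'

# parse_luks_key CMDLINE (hypothetical helper)
# Prints one line per rd.luks.key= argument: "keyfile keydev luksdev keytype".
# Fields left out of the argument are printed as "-".
parse_luks_key() {
    set -f                              # no glob expansion while word-splitting
    for arg in $1; do
        case $arg in
            rd.luks.key=*) ;;
            *) continue ;;
        esac
        val=${arg#rd.luks.key=}
        keyfile=${val%%:*}              # first field: key file name
        rest=${val#"$keyfile"}; rest=${rest#:}
        keydev=${rest%%:*}              # second field: device holding the key
        luksdev=${rest#"$keydev"}; luksdev=${luksdev#:}   # third: LUKS device
        case $keyfile in
            *.gpg) keytype=gpg ;;       # key file is itself gpg-encrypted
            *)     keytype=plain ;;
        esac
        printf '%s %s %s %s\n' "$keyfile" "${keydev:--}" "${luksdev:--}" "$keytype"
    done
    set +f
}

# check_luks_key CMDLINE (hypothetical helper)
# Returns 1 if a key is said to live on the very device it should unlock,
# since that device cannot be read before it has been opened.
check_luks_key() {
    status=0
    while read -r keyfile keydev luksdev keytype; do
        [ -n "$keyfile" ] || continue   # no rd.luks.key= entries at all
        if [ "$keydev" != "-" ] && [ "$keydev" = "$luksdev" ]; then
            echo "key $keyfile is stored on the device it unlocks ($luksdev)" >&2
            status=1
        fi
    done <<EOF
$(parse_luks_key "$1")
EOF
    return $status
}

parse_luks_key "$SAMPLE_CMDLINE"
check_luks_key "$SAMPLE_CMDLINE" && echo "rd.luks.key entries look consistent"
```

On a running system the real command line can be passed in as "$(cat /proc/cmdline)".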