gabriel-del Posted June 18, 2021

Hello, I have an encrypted /home (/dev/mapper/lvm-home) inside lvm, and a keyfile on /boot (/dev/sda1): /boot/keyfile
Why: On normal days, it boots automatically, but on vacations/trips I delete the /boot/keyfile and people can't access it.
On ArchLinux it worked with:
[ /etc/default/grub ]
GRUB_CMDLINE_LINUX="cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/.boot root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4"
and before: grub-mkconfig -o /boot/grub/grub.cfg
On Funtoo I tried the same and:
[ /etc/crypttab ]
home UUID=44ae1749-28d7-4f35-9948-e02b747213cf /dev/disk/by-uuid/013e1dc7-cb3f-4a90-8b4e-251179adcbe5:/keyfile luks,initramfs
[ /etc/conf.d/dmcrypt ]
target=home
source=UUID=44ae1749-28d7-4f35-9948-e02b747213cf
key=/dev/disk/by-uuid/013e1dc7-cb3f-4a90-8b4e-251179adcbe5:/keyfile
With "genkernel --lvm --luks initramfs" after all.
[ /boot/grub/grub.cfg ]
linux /kernel-debian-sources-x86_64-5.10.40_p1 root=/dev/mapper/lvm-funtoo ro cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/keyfile root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4 loglevel=7
echo 'Loading initial ramdisk ...'
initrd /early_ucode.cpio /initramfs-genkernel-x86_64-5.10.40_p1-debian-sources
[ /etc/fstab ]
/dev/mapper/lvm-funtoo / ext4 defaults 0 1
/dev/sda1 /boot ext4 defaults 0 0
/dev/mapper/home /home ext4 defaults 0 0
/home/.swap none swap sw 0 0

cardinal Posted June 19, 2021

LUKS encrypted root filesystems can not be unlocked on boot.
https://bugs.funtoo.org/browse/FL-8318
https://gesis.pw/encrypted-rootfs-on-funtoo-linux-1-4/

gabriel-del Posted June 20, 2021

Thank you for the reply!! I tried the:
sed '/MODULES_CRYPT/ s/\"$/ af_alg algif_skcipher\"/' -i /usr/share/genkernel/arch/$(arch)/modules_load
and:
genkernel --clean --luks --lvm --disklabel --ramdisk-modules --fullname=$(ls /boot/initramfs-* | tail -c +17) initramfs
But it still doesn't work. As the only encrypted partition is the /home (the / is not), it should work even without using kernel parameters, right? For example using the crypttab or dmcrypt.
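
An added example, not part of the thread and not Funtoo's own code: a small lint for /etc/conf.d/dmcrypt stanzas like the one posted above. It assumes the stock OpenRC dmcrypt conventions, where key= is 'path[:mode]' with mode reg or gpg and the device that holds the key is named on a separate remdev= line; the function names and the sample stanzas (with placeholder UUIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: key='path[:mode]' (mode reg or gpg),
# with remdev= naming the device that holds the key file.

# lint_dmcrypt FILE: print one line per stanza whose key= does not fit that layout
lint_dmcrypt() {
    target='' key=''
    while IFS= read -r line || [ -n "$line" ]; do
        val=${line#*=}
        val=${val#\'}; val=${val#\"}; val=${val%\'}; val=${val%\"}   # strip quotes
        case $line in
            target=*|swap=*) _lint_flush; target=$val ;;   # new stanza starts
            key=*) key=$val ;;
        esac
    done < "$1"
    _lint_flush
}

_lint_flush() {
    if [ -n "$target" ] && [ -n "$key" ]; then
        mode=${key##*:}; path=${key%:*}                    # split at the last ':'
        if [ "$mode" = "$key" ] || [ -z "$mode" ]; then mode=reg; fi
        case $mode in
            reg|gpg)
                case $path in
                    /*) ;;
                    *) echo "$target: key path '$path' is not absolute" ;;
                esac ;;
            *) echo "$target: '$mode' is not a key mode; device goes in remdev=, path in key=" ;;
        esac
    fi
    target='' key=''
}

# Constructed sample: the first stanza uses the device:path form from the post,
# the second names the same key file with key= plus remdev=.
sample_conf() {
    cat <<'EOF'
target=home
source=UUID=SOURCE-UUID-PLACEHOLDER
key=/dev/disk/by-uuid/BOOT-UUID-PLACEHOLDER:/keyfile
target=home2
source=UUID=SOURCE-UUID-PLACEHOLDER
key=/keyfile
remdev=/dev/sda1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && lint_dmcrypt "$tmp"; rm -f "$tmp"
```

Under that assumption the text after the last colon in key= is read as the key mode, so only the first sample stanza is reported.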