Jump to content
Read the Funtoo Newsletter: Summer 2023 ×
  • 0

/home with luks on lvm and key on /boot



Hello, I have a crypted /home (/dev/mapper/lvm-home) inside lvm, and a keyfile on /boot (/dev/sda1): /boot/keyfile

Why: On normal days, it boot automatically, but on vacations/trips I delet the /boot/keyfile and people can't access.


On ArchLinux it worked with: 

[ /etc/default/grub ]

GRUB_CMDLINE_LINUX="cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/.boot root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4"

and before: grub-mkconfig -o /boot/grub/grub.cfg


On Funtoo I tried the same and:

[ /etc/crypttab ]

home UUID=44ae1749-28d7-4f35-9948-e02b747213cf /dev/disk/by-uuid/013e1dc7-cb3f-4a90-8b4e-251179adcbe5:/keyfile luks,initramfs

[ /etc/conf.d/dmcrypt ]


With "genkernel --lvm --luks initramfs"  after all.


[ /boot/grub/grub.cfg ]

linux    /kernel-debian-sources-x86_64-5.10.40_p1 root=/dev/mapper/lvm-funtoo ro cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/keyfile  root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4 loglevel=7
echo    'Loading initial ramdisk ...'
initrd    /early_ucode.cpio /initramfs-genkernel-x86_64-5.10.40_p1-debian-sources


[ /etc/fstab ]

/dev/mapper/lvm-funtoo        /               ext4        defaults        0 1
/dev/sda1                                /boot        ext4        defaults        0 0
/dev/mapper/home                /home      ext4        defaults        0 0
/home/.swap                          none        swap       sw                 0 0



Link to comment
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Thank you for the reply!!


I tried the: 

sed '/MODULES_CRYPT/ s/\"$/ af_alg algif_skcipher\"/' -i /usr/share/genkernel/arch/$(arch)/modules_load


genkernel --clean --luks --lvm --disklabel --ramdisk-modules --fullname=$(ls /boot/initramfs-* | tail -c +17) initramfs


But stil don't work.

As the only encrypet partition is the /home (the / is not), it should work even without use kernel parametrs, right?

For example using the crypttab or dmcrypt.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...