Jump to content
  • 0

/home with luks on lvm and key on /boot


Question

Hello, I have a crypted /home (/dev/mapper/lvm-home) inside lvm, and a keyfile on /boot (/dev/sda1): /boot/keyfile

Why: On normal days, it boot automatically, but on vacations/trips I delet the /boot/keyfile and people can't access.

 

On ArchLinux it worked with: 

[ /etc/default/grub ]

GRUB_CMDLINE_LINUX="cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/.boot root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4"

and before: grub-mkconfig -o /boot/grub/grub.cfg

 

On Funtoo I tried the same and:

[ /etc/crypttab ]

home UUID=44ae1749-28d7-4f35-9948-e02b747213cf /dev/disk/by-uuid/013e1dc7-cb3f-4a90-8b4e-251179adcbe5:/keyfile luks,initramfs
 

[ /etc/conf.d/dmcrypt ]

target=home
source=UUID=44ae1749-28d7-4f35-9948-e02b747213cf
key=/dev/disk/by-uuid/013e1dc7-cb3f-4a90-8b4e-251179adcbe5:/keyfile
 

With "genkernel --lvm --luks initramfs"  after all.

 

[ /boot/grub/grub.cfg ]

linux    /kernel-debian-sources-x86_64-5.10.40_p1 root=/dev/mapper/lvm-funtoo ro cryptdevice=/dev/mapper/lvm-home:home cryptkey=/dev/sda1:ext4:/keyfile  root=/dev/mapper/lvm-funtoo dolvm rootfstype=ext4 loglevel=7
echo    'Loading initial ramdisk ...'
initrd    /early_ucode.cpio /initramfs-genkernel-x86_64-5.10.40_p1-debian-sources

 

[ /etc/fstab ]

/dev/mapper/lvm-funtoo        /               ext4        defaults        0 1
/dev/sda1                                /boot        ext4        defaults        0 0
/dev/mapper/home                /home      ext4        defaults        0 0
/home/.swap                          none        swap       sw                 0 0

 

 

Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Thank you for the reply!!

 

I tried the: 

sed '/MODULES_CRYPT/ s/\"$/ af_alg algif_skcipher\"/' -i /usr/share/genkernel/arch/$(arch)/modules_load

and: 

genkernel --clean --luks --lvm --disklabel --ramdisk-modules --fullname=$(ls /boot/initramfs-* | tail -c +17) initramfs

 

But stil don't work.

As the only encrypet partition is the /home (the / is not), it should work even without use kernel parametrs, right?

For example using the crypttab or dmcrypt.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...