[arch-general] grub2 + luks + keyfile
Adrian Pop
sultryweather at gmail.com
Mon Aug 20 19:47:31 EDT 2012
Hello,
I'm trying to configure grub2 to read a keyfile from a usb flash drive
in order to decrypt the root partition. The grub2 wiki page specifies
that in order to decrypt the root partition, the following should be
added in /etc/default/grub:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root"
Also an earlier version of the luks wiki page, that was intended for
grub-legacy, mentioned that to decrypt the root partition using a
keyfile, the following kernel parameter has to be added:
cryptkey=/dev/disk/by-uuid/<uuid>:vfat:/keyfile
So I've attempted to add both of these parameters in /etc/default/grub:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root
cryptkey=/dev/disk/by-uuid/3848-EFD5:vfat:/keyfile"
I've also added the encrypt hook and vfat module in
/etc/mkinitcpio.conf.
This is displayed while booting up:
:: running early hook [udev]
:: running hook [udev]
:: Triggering uevents...
:: running hook [encrypt]
Waiting 10 seconds for device /dev/disk/by-uuid/3848-EFD5 ...
Keyfile could not be opened. Reverting to passphrase.
The usb flash drive is formatted with mkfs.vfat and contains just the
keyfile. I would greatly appreciate any advice.
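
A consistency check for the setup described in the message, as an added example that is not part of the original post: it splits `cryptkey=` into its device:fstype:path fields and confirms that the filesystem module and the encrypt hook are listed in the mkinitcpio configuration. The function names and the sample HOOKS list are assumptions; the inputs are constructed from the values quoted above.

```shell
#!/bin/sh
# Constructed inputs mirroring the values quoted in the post.
CMDLINE='cryptdevice=/dev/sda2:root cryptkey=/dev/disk/by-uuid/3848-EFD5:vfat:/keyfile'
# Constructed mkinitcpio.conf text; every hook other than "encrypt" is an assumption.
MKINITCPIO_CONF='MODULES="vfat"
HOOKS="base udev autodetect block encrypt filesystems"'

# Print the value of kernel parameter $2 found in command line $1.
get_param() {
    for word in $1; do
        case $word in
            "$2="*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Print the list assigned to variable $2 (quoted or parenthesised) in config text $1.
get_list() {
    printf '%s\n' "$1" | sed -n "s/^$2=[\"(]\\(.*\\)[\")]\$/\\1/p" | tail -n 1
}

# Succeed if word $2 appears in space-separated list $1.
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# Compare the kernel command line ($1) against the mkinitcpio config text ($2).
preflight() {
    rc=0
    get_param "$1" cryptdevice >/dev/null || { echo "missing cryptdevice="; rc=1; }
    key=$(get_param "$1" cryptkey) || { echo "missing cryptkey="; return 1; }
    # Split on ':' into the device, the filesystem type and the path on that filesystem.
    IFS=: read -r dev fstype path <<EOF
$key
EOF
    [ -n "$dev" ] && [ -n "$fstype" ] && [ -n "$path" ] || {
        echo "cryptkey needs device:fstype:path"; return 1; }
    has_word "$(get_list "$2" MODULES)" "$fstype" || { echo "$fstype not in MODULES"; rc=1; }
    has_word "$(get_list "$2" HOOKS)" encrypt || { echo "encrypt not in HOOKS"; rc=1; }
    echo "keyfile $path on $dev ($fstype)"
    return $rc
}

preflight "$CMDLINE" "$MKINITCPIO_CONF"
```

A clean result only shows that the two files agree with each other; it does not show that the flash drive appears within the hook's 10-second wait.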