LUKS keyfile for GRUB2

30-09-22 13:49 simon

Having setup a LVM disk with LUKS encryption on my main machine, I used the guide I made for the Chromebook with some minor changes. I now wanted to add a USB drive with the key file to save entering the password all the time.

As long as the USB key is present it boots to the desktop, if not the password is needed.

The changes are in /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=/dev/nvme0n1p3:volumegroup:allow-discards cryptkey=/dev/disk/by-uuid/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:ext4:/<filename>  quiet"

and in /etc/mkinitcpio.conf


Then grub-mkconfig -o /boot/grub/grub.cfg

and boot with the usb drive in, no password needed.

To create the password file

echo -n '<your luks password>' /run/media/simon/USBDRIVE/<filename>


Add a comment