LUKS keyfile for GRUB2

30-09-22 13:49 simon arch, luks

Having setup a LVM disk with LUKS encryption on my main machine, I used the guide I made for the Chromebook with some minor changes. I now wanted to add a USB drive with the key file to save entering the password all the time.

As long as the USB key is present it boots to the desktop, if not the password is needed.

The changes are in /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=/dev/nvme0n1p3:volumegroup:allow-discards cryptkey=/dev/disk/by-uuid/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:ext4:/<filename>  quiet"

and in /etc/mkinitcpio.conf

MODULES=(ext4)

Then grub-mkconfig -o /boot/grub/grub.cfg

and boot with the usb drive in, no password needed.

To create the password file

echo -n '<your luks password>' /run/media/simon/USBDRIVE/<filename>

Simon's Blog

LUKS keyfile for GRUB2

Simon Jones

SimpleSearch

Popular Tags

Archives

LUKS keyfile for GRUB2

Related Posts

Simon Jones

SimpleSearch

Popular Tags

Archives