On 17.08.2012 08:53, Mateusz Marzantowicz wrote:
> Is there support in Fedora 17 for unlocking encrypted LVM volume (which
> acts as a container for my root, swap and other partitions) with key
> file placed on SD/MMC card during system boot up process?
>
> Currently I have to provide passphrase during system boot (standard
> behavior), but I'd like to allow automatic unlock during power on/reboot
> when I have SD card plugged in.
>
> I've started to read some web pages and tutorials with different
> solutions but I'm curious if there is a recommended way for doing this
> in Fedora 17.
>
> My current understanding of dm-crypt/LUKS on Fedora is that I need to
> make some changes to dracut and udev in order to unlock encrypted
> volumes using key files, but maybe something has changed in F17 and
> there is an option to pass in grub/kernel/initrd command line to do this?
>
>
> Mateusz Marzantowicz

I've managed to accomplish what I asked above. The solution is quite
easy but documentation is horrible and to be 100% sure how and what I
have to do, I had to analyze dracut's source code. :P

Procedure is as follows:

1) Generate new key and store it in a file on SD card: just grab 4096
(or less) bytes from some random device.

2) Add key from that file to one of free key slots:
cryptsetup luksAddKey <luks-device> /path/to/key

3) Modify /etc/default/grub by changing GRUB_CMDLINE_LINUX:
rd.luks.key=<filename>:<device>

4) Recreate /boot/grub2/grub.cfg file.

5) Reboot and see how your partition is unlocked without passphrase.



Mateusz Marzantowicz
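
Steps 1 and 3 of the procedure above as shell functions (an added example, not part of the original post). The function names and the character whitelist are assumptions, and `<luks-device>` is a placeholder; steps 2 and 4 need root and the real LUKS device, so they appear only as comments.

```shell
#!/bin/sh
# Added example (not from the original post).

# Step 1: write a random key file readable only by its owner.
# $1 = key file path, $2 = size in bytes (default 4096, as in the post)
make_keyfile() {
    keyfile=$1
    size=${2:-4096}
    ( umask 077 && head -c "$size" /dev/urandom > "$keyfile" )
}

# Step 2 (run as root; <luks-device> is a placeholder):
#   cryptsetup luksAddKey <luks-device> /path/to/key

# Step 3: append rd.luks.key=<filename>:<device> to GRUB_CMDLINE_LINUX.
# $1 = grub defaults file (normally /etc/default/grub)
# $2 = key file path as seen on the key device
# $3 = key device, e.g. UUID=... of the SD card partition
add_luks_key_arg() {
    grubfile=$1
    [ -n "$2" ] && [ -n "$3" ] || return 2
    # Only allow characters that cannot break out of the quoted value
    # or change the sed replacement (assumed whitelist).
    case "$2$3" in
        *[!A-Za-z0-9/._=-]*) return 2 ;;
    esac
    arg="rd.luks.key=$2:$3"
    # The variable must exist as a single double-quoted line.
    grep -q '^GRUB_CMDLINE_LINUX=".*"[[:space:]]*$' "$grubfile" || return 1
    # Idempotent: leave the file alone if the argument is already there.
    grep '^GRUB_CMDLINE_LINUX=' "$grubfile" | grep -qF -- "$arg" && return 0
    cp -p "$grubfile" "$grubfile.bak"
    sed "s|^\(GRUB_CMDLINE_LINUX=\".*\)\"[[:space:]]*\$|\1 $arg\"|" \
        "$grubfile.bak" > "$grubfile"
}

# Step 4 (run as root):
#   grub2-mkconfig -o /boot/grub2/grub.cfg
```

Calling `add_luks_key_arg` on a copy of `/etc/default/grub` first lets you diff the result before touching the real file.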