Re: Fedora 17 - Unlocking LUKS encrypted LVM volume with key file |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Fedora 17 - Unlocking LUKS encrypted LVM volume with key file
- From: Mateusz Marzantowicz <mmarzantowicz@xxxxxxxxxxx>
- Date: Fri, 17 Aug 2012 11:56:56 +0200
- Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <502DEA7C.1070807@osdf.com.pl>
- Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
On 17.08.2012 08:53, Mateusz Marzantowicz wrote:
> Is there support in Fedora 17 for unlocking encrypted LVM volume (which
> acts as a container for my root, swap and other partitions) with key
> file placed on SD/MMC card during system boot up process?
>
> Currently I have to provide passphrase during system boot (standard
> behavior), but I'd like to allow automatic unlock during power on/reboot
> when I have SD card plugged in.
>
> I've started to read some web pages and tutorials with different
> solutions but I'm curious if there is a recommended way for doing this
> in Fedora 17.
>
> My current understanding of dm-crypt/LUKS on Fedora is that I need to
> make some changes to dracut and udev in order to unlock encrypted
> volumes using key files, but maybe something has changed in F17 and
> there is an option to pass in grub/kernel/initrd command line to do this?
>
>
> Mateusz Marzantowicz
I've managed to accomplish what I asked above. The solutions is quite
easy but documentation is horrible and to be 100% sure how and what I
have to do, I had to analyze dracut's source code. :P
Procedure is as follows:
1) Generate new key and store it in a file on SD card: just grab 4096
(or less) bytes from some random device.
2) Add key from that file to one of free key slots:
cryptsetup luksAddKey /path/to/key
3) Modify /etc/default/grub by changing GRUB_CMDLINE_LINUX:
rd.luks.key=<filename>:<device>
4) Recreate /boot/grub2/grub.cfg file.
5) Reboot and see how your partition is unlocked without passphrase.
Mateusz Marzantowicz
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users]
[Fedora Announce]
[Fedora Package Announce]
[EPEL Announce]
[Fedora News]
[Fedora Cloud]
[Fedora Advisory Board]
[Fedora Education]
[Fedora Security]
[Fedora Scitech]
[Fedora Robotics]
[Fedora Maintainers]
[Fedora Infrastructure]
[Fedora Websites]
[Anaconda Devel]
[Fedora Devel Java]
[Fedora Legacy]
[Fedora Desktop]
[Fedora Fonts]
[ATA RAID]
[Fedora Marketing]
[Fedora Management Tools]
[Fedora Mentors]
[SSH]
[Find Someone Special]
[Fedora Package Review]
[Fedora R Devel]
[Fedora PHP Devel]
[Kickstart]
[Fedora Music]
[Fedora Packaging]
[Centos]
[Fedora SELinux]
[Fedora Legal]
[Fedora Kernel]
[Fedora QA]
[Fedora Triage]
[Fedora OCaml]
[Coolkey]
[Virtualization Tools]
[ET Management Tools]
[Yum Users]
[Tux]
[Yosemite News]
[Yosemite Photos]
[Linux Apps]
[Maemo Users]
[Gnome Users]
[KDE Users]
[Fedora Tools]
[Fedora Art]
[Fedora Docs]
[Maemo Users]
[Asterisk PBX]
[Fedora Sparc]
[Fedora Universal Network Connector]
[Libvirt Users]
[Fedora ARM]
