Bug#618862: systemd: ignores keyscript in crypttab
Marcello Barnaba
vjt at openssl.it
Fri Oct 16 17:20:01 BST 2015
>> Workaround: add "luks=no" to the kernel command line to disable systemd's generator: http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
> Does this work for encrypted root as well? Or is it only for things like swap and /home that can wait until after switching out of initramdisk?
> If it works for encrypted root, this is genuinely good news!
Yes. I'm using passdev in initramfs at the scripts/local-top
stage as per cryptsetup docs to mount an encrypted root,
unlocking it via a keyfile located on an USB key.
/etc/crypttab:
# dev source keyfile opts
root /dev/sda2 /dev/disk/by-label/keys:/rootkey luks,keyscript=passdev
Then, update-initramfs -u
/dev/sda2 set up using cryptsetup luksFormat. No LVM.
Working on current Kali Linux, based on Jessie/sid.
Sorry I don't have version numbers at hand.
HTH, YMMV! :)
~Marcello
--
~ vjt at openssl.it
~ http://sindro.me/
More information about the Pkg-systemd-maintainers
mailing list