You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2019-12-17 10:09:15
- drossbox
- Member
- Registered: 2019-12-04
- Posts: 24
USB keyfile with GRUB_ENABLE_CRYPTODISK
Hi all. I've set GRUB_ENABLE_CRYPTODISK=y and am prompted to enter the passphrase for my encrypted /boot partition. Is there any way I can use a USB to hold a keyfile in this instance to avoid entering the password manually? I can't find any literature on whether this is possible at such an early stage.
Offline
#2 2019-12-17 10:40:41
- frostschutz
- Member
- Registered: 2013-11-15
- Posts: 1,504
Re: USB keyfile with GRUB_ENABLE_CRYPTODISK
It's not possible with Grub. It will ask for passphrase from keyboard no matter what. So for "USB to hold a keyfile" you would need a USB that pretends to be a keyboard and sends key events.
Or migrate GRUB and /boot to USB altogether (unencrypted) and then do something fancy you like in Initramfs - for me, it's ask passphrase for encrypted keyfiles, which in turn unlock internal drives.
Offline
#3 2019-12-17 11:16:22
- drossbox
- Member
- Registered: 2019-12-04
- Posts: 24
Re: USB keyfile with GRUB_ENABLE_CRYPTODISK
That's pretty much what I expected. No matter, putting one passphrase in isn't much of a hardship.
Offline
Pages: 1