If I detach the LUKS header and store it on the USB,
Q1: Do I need to stick the USB in when booting?
Q2: What happens if I unplug the USB after unlocking LUKS?
Last edited by IM_N00b (2025-10-04 15:01:16)
If you want to open the LUKS you have to provide the header somehow, when you boot it...
The header is only required at the time you open it (via luksOpen or luksResume after luksSuspend but almost no one uses it).
Otherwise you only need the header when changing passphrase and such things. So yes, you can unmount and unplug it.
Deniability is a weird concept, and LUKS is not designed for it. So moving all headers and traces (so /boot entirely) to an independent / external device is already about the best you can do. But it will still look obviously encrypted...
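The sequence described in the reply above (header needed only while opening, USB removable afterwards), as an added shell example that is not part of the original thread. The function names, the header file name `header.img` and the device arguments are assumptions for illustration; `open_with_usb_header` needs root and real devices.

```shell
#!/usr/bin/env bash
# Added example: unlock a LUKS volume whose header lives on a USB stick,
# then release the stick. Paths and names are placeholders (assumptions).

LUKS_MAGIC_HEX="4c554b53babe"   # "LUKS" 0xBA 0xBE: first 6 bytes of a LUKS1/LUKS2 header

# Return 0 if the file or block device starts with the LUKS magic.
has_luks_magic() {
    local magic
    magic=$(head -c 6 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "$LUKS_MAGIC_HEX" ]
}

# Sanity check before unlocking: the header file must look like a LUKS header,
# and a data device with a truly detached header must not carry one itself.
# Returns 0 if OK, 1 if the header file is not LUKS, 2 if the data device has a header.
check_detached_layout() {
    local header="$1" data="$2"
    has_luks_magic "$header" || { echo "no LUKS header in $header" >&2; return 1; }
    if has_luks_magic "$data"; then
        echo "$data still carries a LUKS header" >&2
        return 2
    fi
    return 0
}

# Unlock using the header on the USB, then unmount the USB again.
# usb_part, data_dev and name are supplied by the caller (hypothetical values).
open_with_usb_header() {
    local usb_part="$1" data_dev="$2" name="$3" mnt rc=0
    mnt=$(mktemp -d) || return 1
    mount -o ro "$usb_part" "$mnt" || { rmdir "$mnt"; return 1; }
    check_detached_layout "$mnt/header.img" "$data_dev" \
        && cryptsetup open --header "$mnt/header.img" "$data_dev" "$name" \
        || rc=$?
    # The header is only read while opening; the mapping does not keep it open.
    umount "$mnt" && rmdir "$mnt"
    [ "$rc" -eq 0 ] || return "$rc"
    cryptsetup status "$name"     # mapping is still active with the USB unmounted
}
```

Later operations that touch the header, such as changing a passphrase, need the USB mounted again and the same `--header` argument.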
Personally I would just make a boot and/or EFI partition on a USB. What happens when it's removed is your system won't even display that there's anything there in the BIOS until you plug it back in. Be aware that any alteration or addition to the boot partition post-install needs to be done carefully; one wrong GRUB install, for example, will lock you out. Keep mkinitcpio and the initramfs up to date frequently.
Last edited by 5thtimebypassing (2022-06-12 02:26:12)
Thx, I understand.