In my current confing, I have two partitions /boot - unencrypted and / - crypted with LUKS.
When starting I can either type keyphrase, either have an USB stick in with th keyfile on the first partition. If theres not USB in, it asks for passw in 10 seconds.
My question is how can I do this to also use an SD card. So:
1. Is SD card with keyfile in?
2. If no, is USB with keyfile in?
3. if no, ask for password.
Or, if not possible, to use an SD instead of USB. SD Card reder is the internal one on my laptop.
MENU LABEL Arch Linux
APPEND root=/dev/mapper/root cryptdevice=/dev/sda5:root cryptkey=/dev/disk/by-uuid/74E9-85DF:vfat:/secretkey ro
MODULES="vfat dm_mod ext4"
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
I guess I have to:
1. add module for SD loading
2. add to append another cryptkey pointing to that. Will it work with two cryptkey options?
I'm first asking as I don't want to mess my system.
Last edited by MilenKid (2013-04-24 14:52:49)
I added a new entry to syslinux.cfg
(this is the usb partition with the keyfile UUID)
Module ehci-pci to Modules in mkinitcpio.conf, and rebuilt the image.
Unfortunately it waits for keyfile for 10 seconds and does not read the key, so I have to type the pass.
I think the module is wrong, but I don't know what to use in order to have Card Reader access on kernel image loading. I got the ehci-pci module from lspci -v list, it was Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
Any ideas or links?
Did it, module was rts5139. Thanks to #archlinux