You are not logged in.

#1 2019-12-17 10:09:15

drossbox
Member
Registered: 2019-12-04
Posts: 22

USB keyfile with GRUB_ENABLE_CRYPTODISK

Hi all. I've set GRUB_ENABLE_CRYPTODISK=y and am prompted to enter the passphrase for my encrypted /boot partition. Is there any way I can use a USB to hold a keyfile in this instance to avoid entering the password manually? I can't find any literature on whether this is possible at such an early stage.

Offline

#2 2019-12-17 10:40:41

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: USB keyfile with GRUB_ENABLE_CRYPTODISK

It's not possible with Grub. It will ask for passphrase from keyboard no matter what. So for "USB to hold a keyfile" you would need a USB that pretends to be a keyboard and sends key events.

Or migrate GRUB and /boot to USB altogether (unencrypted) and then do something fancy you like in Initramfs - for me, it's ask passphrase for encrypted keyfiles, which in turn unlock internal drives.

Offline

#3 2019-12-17 11:16:22

drossbox
Member
Registered: 2019-12-04
Posts: 22

Re: USB keyfile with GRUB_ENABLE_CRYPTODISK

That's pretty much what I expected. No matter,  putting one passphrase in isn't much of a hardship.

Offline

Board footer

Powered by FluxBB