I've set up my system to encrypt my /home and other data partitions (on two different hard drives), using LUKS and dm-crypt, but did not want to encrypt my root partition.
This has created the problem that if I want to store keyfiles to unlock the encrypted partitions and only have to enter a password once at boot, there is no encrypted partition to securely store the keyfiles on. (I don't want to use a USB key.) The problem seems to be that at the point that the system asks for the password to the first listed encrypted partition in /etc/crypttab, it only unlocks that partition, but does not seem to mount it yet, so I can't store the keyfiles for the other encrypted partitions there.
I found this post (https://bbs.archlinux.org/viewtopic.php … 98#p523098) that suggests a way to store the keys in an encrypted loop partition stored on the root partition, then mount it with a modified version of rc.sysinit that executes a couple other scripts.
My difficulty with this solution is that I'm an end user and patching rc.sysinit, creating the scripts, etc., is a little beyond me. I don't know how to do the patching. I don't really know how to create scripts. (Although I'm trying to figure it out.)
So I'm wondering if this is really the simplest solution, if I don't have an encrypted root partition? Thanks for any help.