[SOLVED] Hard time trying to setup LUKS/LVM boot with key file from MMC/SD
by denydias from LinuxQuestions.org on (#5BQ78)
Hi there!
I'm having quite a hard time trying to boot into a LUKS/LVM partition using a key file stored on an MMC/SD card. It looks like I have everything properly set up, but all I see is the passphrase prompt. I'm obviously missing something and came here to look for some help.
This is how I've set it up for now:
Code:
$ blkid /dev/mmcblk0p1
/dev/mmcblk0p1: SEC_TYPE="msdos" LABEL_FATBOOT="KEYS" LABEL="KEYS" UUID="0A8F-315D" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="66fa5c9a-93"
$ dd bs=512 count=8 if=/dev/random of=/run/media/me/KEYS/key.bin iflag=fullblock
# cryptsetup -v luksAddKey /dev/sdb3 /run/media/me/KEYS/key.bin
# cryptsetup luksDump /dev/sdb3
...
Keyslots:
...
1: luks2
Key: 256 bits
...
# mkinitrd -c -k 5.4.83 -f ext4 -r /dev/cryptvg/root \
-m mmc_core:mmc_block:sdhci:sdhci-pci:usb-storage:efivarfs:ext4:vfat \
-C /dev/sdb3 -L -u -h /dev/cryptvg/swap -c -s /var/lib/initrd-tree/ \
-L -T /dev/sdb3 -w 1 -o /boot/initrd-5.4.83.gz -K LABEL=KEYS:/key.bin
# cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
GRUB_CMDLINE_LINUX_DEFAULT="...luksdev=sda3 lukstrim=sda3 lukskey=LABEL=KEYS:/key.bin"
# grub-mkconfig -o /boot/grub/grub.cfg
# dmesg | grep -A 2 mmc
[ 5.411269] mmc0: new high speed SDHC card at address b368
[ 5.412654] mmcblk0: mmc0:b368 SDC 30.2 GiB
[ 5.415381] mmcblk0: p1
# cat /var/lib/initrd-tree/lukskey
LABEL=KEYS:/key.bin

The dmesg lines above are printed just before the LUKS passphrase prompt, which proves that the MMC/SD reader is being detected during the initrd phase. Nevertheless, the key file at KEYS:/key.bin is not being recognized, hence a passphrase prompt pops into my face.
Can someone point out where I'm messing it up?
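
A pre-reboot check for the setup described above, as an added example that is not part of the original post: it splits a key spec of the form shown (`LABEL=KEYS:/key.bin`), locates that filesystem, and asks cryptsetup whether the file unlocks the LUKS device without creating a mapping. The function names are hypothetical; it assumes root and that the card is not currently mounted.

```shell
#!/bin/sh
# Added example: verify a "SELECTOR:/path" LUKS key spec before rebooting.
# Function names are hypothetical; check_keyfile must run as root and
# assumes the key filesystem is not already mounted.

# Part before the first ':' is the filesystem selector, e.g. LABEL=KEYS
spec_selector() { printf '%s\n' "${1%%:*}"; }

# Part after the first ':' is the path inside that filesystem, e.g. /key.bin
spec_path() { printf '%s\n' "${1#*:}"; }

# Accept only LABEL= or UUID= selectors followed by an absolute path.
spec_valid() {
    case "$1" in
        LABEL=?*:/?*|UUID=?*:/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_keyfile SPEC LUKS_DEVICE
# Mounts the key filesystem read-only, then tests the key file against the
# LUKS header. --test-passphrase only verifies; no mapping is created.
check_keyfile() {
    spec=$1
    luksdev=$2
    spec_valid "$spec" || { echo "bad key spec: $spec" >&2; return 2; }
    dev=$(findfs "$(spec_selector "$spec")") || {
        echo "filesystem not found: $(spec_selector "$spec")" >&2; return 3; }
    mnt=$(mktemp -d) || return 4
    mount -o ro "$dev" "$mnt" || { rmdir "$mnt"; return 4; }
    key=$mnt$(spec_path "$spec")
    rc=0
    if [ ! -f "$key" ]; then
        echo "key file missing: $key" >&2; rc=5
    elif ! cryptsetup open --test-passphrase --key-file "$key" "$luksdev"; then
        echo "key file does not unlock $luksdev" >&2; rc=6
    fi
    umount "$mnt"
    rmdir "$mnt"
    return $rc
}
```

Call it as `check_keyfile LABEL=KEYS:/key.bin <LUKS device>`; a return code of 0 means the key file on the card opens a keyslot on that device.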

