How to auto mount luks partition with keyfile?
by ddenial from LinuxQuestions.org on (#5MN93)
Hello
My distro is Fedora 34 with btrfs subvolumes. How to boot luks volume without asking for the password?
This is the partition list created in Fedora's Anaconda installer automatic configuration.
Code:# lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
sda1 vfat FAT32 167C-D77D 582.7M 3% /boot/efi
sda2 ext4 1.0 549c24b5-5c17-4d30-a247-e210ccb8b0af 768.5M 14% /boot
sda3 crypto_LUKS 2 13b91ea9-5c16-48b4-8404-91e2160d9b07
luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 btrfs fedora_localhost-live 54039dd4-8bc4-46ad-947e-279fe8e3744d 34.8G 9% /home
sr0
zram0 [SWAP]
# cat /etc/fstab
UUID=54039dd4-8bc4-46ad-947e-279fe8e3744d / btrfs subvol=root,compress=zstd:1,x-systemd.device-timeout=0 0 0
UUID=549c24b5-5c17-4d30-a247-e210ccb8b0af /boot ext4 defaults 1 2
UUID=167C-D77D /boot/efi vfat umask=0077,shortname=winnt 0 2
UUID=54039dd4-8bc4-46ad-947e-279fe8e3744d /home btrfs subvol=home,compress=zstd:1,x-systemd.device-timeout=0 0 0
# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=trueThese are the steps I did.
Code:# dd if=/dev/urandom of=/root/sda3.key bs=512 count=4
# chmod 400 /root/sda3.key
# cryptsetup luksAddKey UUID=13b91ea9-5c16-48b4-8404-91e2160d9b07 /root/sda3.key
# cat /etc/crypttab
luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 UUID=13b91ea9-5c16-48b4-8404-91e2160d9b07 /root/sda3.key luksBut it is not working. I'm still getting luks password screen.
How do I automount luks partition without asking password using keyfile?
Thanks
My distro is Fedora 34 with btrfs subvolumes. How to boot luks volume without asking for the password?
This is the partition list created in Fedora's Anaconda installer automatic configuration.
Code:# lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
sda1 vfat FAT32 167C-D77D 582.7M 3% /boot/efi
sda2 ext4 1.0 549c24b5-5c17-4d30-a247-e210ccb8b0af 768.5M 14% /boot
sda3 crypto_LUKS 2 13b91ea9-5c16-48b4-8404-91e2160d9b07
luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 btrfs fedora_localhost-live 54039dd4-8bc4-46ad-947e-279fe8e3744d 34.8G 9% /home
sr0
zram0 [SWAP]
# cat /etc/fstab
UUID=54039dd4-8bc4-46ad-947e-279fe8e3744d / btrfs subvol=root,compress=zstd:1,x-systemd.device-timeout=0 0 0
UUID=549c24b5-5c17-4d30-a247-e210ccb8b0af /boot ext4 defaults 1 2
UUID=167C-D77D /boot/efi vfat umask=0077,shortname=winnt 0 2
UUID=54039dd4-8bc4-46ad-947e-279fe8e3744d /home btrfs subvol=home,compress=zstd:1,x-systemd.device-timeout=0 0 0
# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=trueThese are the steps I did.
Code:# dd if=/dev/urandom of=/root/sda3.key bs=512 count=4
# chmod 400 /root/sda3.key
# cryptsetup luksAddKey UUID=13b91ea9-5c16-48b4-8404-91e2160d9b07 /root/sda3.key
# cat /etc/crypttab
luks-13b91ea9-5c16-48b4-8404-91e2160d9b07 UUID=13b91ea9-5c16-48b4-8404-91e2160d9b07 /root/sda3.key luksBut it is not working. I'm still getting luks password screen.
How do I automount luks partition without asking password using keyfile?
Thanks