I already asked once about LUKS unlocking of multiple HDDs in Linux: LUKS and multiple hard drives.
Now I would like to know how to securely store the keyfile used for the automatic unlock of the associated partitions.
My plan is (if possible):
Encrypt a small USB drive with LUKS that requires a passphrase
Unlock it at boot as the first drive by using the passphrase
Mount it to a given mount poi
I have a machine with a brand new install of Fedora 11 with luks encryption. I've added a keyfile to luks and have put that keyfile on a usb stick. I'd like the machine to boot all the way in when it's powered on with the usb stick plugged in.
Hi all.
[ update: manually mounting them can now be done if you read all the way through... retaining the entire post as it may help others... BUT root cause is still outstanding in that encrypted disks that automatically set up LVM volumes at boot in F17 will not in F18]
I have been unable to access encrypted LUKS volumes since I used fedup to upgrade to F18.
I have come into possession of a Compaq Presario V3000 (V3016US0 laptop on which I finally succeeded in installing Fedora 18. While it runs well when it boots up, the problem is in the boot process.
When I boot the machine, from the time it starts to load the system and pops up the LUKS password prompt is brief.
I have a Debian Linux system (amd64) installed on a RAID-1 system encrypted device (LVM on LUKS) and will have a RAID-6 of >=4 disks where I'll put my data (LUKS and maybe LVM).
I think the basic idea is to unlock the system encrypted partition (at boot at local or via ssh) and to store a keyfile in /etc/crypttab for the RAID-6 encrypted partition. Does that pose a security risk? I mean ...
Since I have not found a way to have it set so that the computer will fall back to a passphrase on an encrypted root if the USB with keyfile isn't inserted.
Hello! Today I changed over to systemd with my Arch Linux desktop PC. All went fine, but there is one problem I can't find a solution for. I have two LUKS-encrypted devices in my system, where the password should be asked for on boot.
Thanks for the help so far. I decided against using a keyfile and tailored a set of instructions for my goal (LVM on LUKS, passphrase, non-efi).
My google-fu is not strong. Can't find answers on this one. Maybe I'm googling the wrong stuff.
Okay, so I just redid the server. Installed it something like this:
/dev/sda1, /boot, ext2 (unencrypted)
/dev/sda2, /, ext3 on luks
(Planning on a swapfile if needed.)