@stigok

stigok/decryption-keys

Last active May 9, 2018
mkinitcpio install hook to embed LUKS decryption keys to initramfs
#!/bin/bash
# stigok 22-02-2018
# Directory holding the keyfiles to embed
KEYDIR=/etc/initcpio/keys

function help {
    cat <<EOF
This hook will embed decryption keys for the encrypted root device into
initramfs to automatically mount the root partition after a successful
decryption of the boot partition.
Expects keyfiles to reside in $KEYDIR with files named after their mount name
E.g: $KEYDIR/encrypted-boot.key
EOF
}

function build {
    # Add all available keys
    for file in "$KEYDIR"/*; do
        # Skip the unexpanded glob when the directory is empty
        [ -e "$file" ] || continue
        # Place each key at the root of the initramfs, readable by its owner only
        add_file "$file" "/$(basename "$file")" 0400
    done
}

@stigok stigok commented May 2, 2018

This hook should be specified in /etc/mkinitcpio.conf in the HOOKS array. Example:

HOOKS=(base udev autodetect modconf block encrypt lvm2 resume decryption-keys filesystems fsck)

@stigok stigok commented May 9, 2018

This file should reside at /etc/initcpio/install/decryption-keys
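
The hook copies every file in /etc/initcpio/keys into the image, so the key directory and the generated initramfs both hold usable key material. A permission audit for both, as an added example that is not part of the gist; the owner uid, the image path in the usage line and the use of GNU `stat -c` are assumptions:

```bash
#!/bin/bash
# Added example, not part of the gist: audit who can read the key material.
# Owner uid 0 and the image path in the usage line are assumptions.

# Succeeds only if $1 is owned by uid $2 and grants nothing to group/other.
check_private() {
    local path owner info mode uid
    path=$1
    owner=$2
    info=$(stat -c '%a %u' -- "$path") || return 2   # GNU stat: octal mode, uid
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$owner" ]; then
        echo "FAIL $path: owner uid $uid, expected $owner"
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode grants access beyond the owner"
        return 1
    fi
    echo "ok   $path (mode $mode, uid $uid)"
}

# Checks the key directory, each key in it, and every image path given after
# the owner uid. Returns 0 only when all existing paths pass.
audit_embedded_keys() {
    local keydir owner failures path
    keydir=$1
    owner=$2
    failures=0
    shift 2
    for path in "$keydir" "$keydir"/* "$@"; do
        [ -e "$path" ] || continue   # unmatched glob or image not built yet
        check_private "$path" "$owner" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Usage as root, after rebuilding the image:
#   audit_embedded_keys /etc/initcpio/keys 0 /boot/initramfs-linux.img
```

A FAIL on the image matters as much as one on a keyfile: the hook's 0400 mode applies inside the archive, and anyone who can read the image file can unpack it.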
