@stigok
Last active June 19, 2022 09:36
mkinitcpio install hook to embed LUKS decryption keys to initramfs
#!/bin/bash
# stigok 22-02-2018
# Directory holding the keyfiles to embed; keep it readable by root only.
KEYDIR=/etc/initcpio/keys

function help {
    cat <<EOF
This hook will embed decryption keys for the encrypted root device into
initramfs to automatically mount the root partition after a successful
decryption of the boot partition.
Expects keyfiles to reside in $KEYDIR with files named after their mount name
E.g: $KEYDIR/encrypted-boot.key
EOF
}

function build {
    # Add all available keys
    for file in "$KEYDIR"/*; do
        # Skip the unexpanded glob pattern when the directory is empty
        [ -e "$file" ] || continue
        # Copy the key to the root of the initramfs with mode 0400
        add_file "$file" "/$(basename "$file")" 0400
    done
}

stigok commented May 2, 2018

This hook should be specified in /etc/mkinitcpio.conf in the HOOKS array. Example:

HOOKS=(base udev autodetect modconf block encrypt lvm2 resume decryption-keys filesystems fsck)


stigok commented May 9, 2018

This file should reside at /etc/initcpio/install/decryption-keys
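
Because the hook copies key material into the initramfs, any local user who can read the key files or the generated image can recover the LUKS key. The following check is an added example, not part of the original gist; the function names and the image paths in the final comment are assumptions to adjust for your system.

```shell
#!/bin/bash
# Added example (not from the gist): audit permissions of the LUKS keyfiles
# and of the initramfs images that embed them.

# Return 0 if the given path grants no permission bits to group or others.
owner_only() {
    local mode
    # "ls -ldL" prints a mode string such as "-r--------";
    # characters 5-10 are the group and other permission bits.
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_keys KEYDIR [IMAGE...]
# Checks the key directory, every file in it, and each listed image.
# Prints one line per finding and returns the number of findings.
audit_keys() {
    local keydir="$1"
    local findings=0
    local f
    shift
    for f in "$keydir" "$keydir"/* "$@"; do
        [ -e "$f" ] || continue
        if ! owner_only "$f"; then
            echo "EXPOSED: $f is accessible to group or others"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Typical invocation on Arch Linux (image paths are assumed defaults):
# audit_keys /etc/initcpio/keys /boot/initramfs-linux.img \
#     /boot/initramfs-linux-fallback.img
```

A non-zero return value is the number of exposed paths; fix them with `chmod go-rwx` and regenerate the image if its mode was inherited from the build.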
