On Oct 16, 2015, at 9:20 AM, Marcello Barnaba <v...@openssl.it> wrote:
> >>> Workaround: add "luks=no" to the kernel command line to disable systemd's >>> generator: >>> http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html > >> Does this work for encrypted root as well? Or is it only for things like >> swap and /home that can wait until after switching out of initramdisk? >> If it works for encrypted root, this is genuinely good news! > > Yes. I'm using passdev in initramfs at the scripts/local-top > stage as per cryptsetup docs to mount an encrypted root, > unlocking it via a keyfile located on an USB key. > > /etc/crypttab: > > # dev source keyfile opts > root /dev/sda2 /dev/disk/by-label/keys:/rootkey luks,keyscript=passdev > > Then, update-initramfs -u > > /dev/sda2 set up using cryptsetup luksFormat. No LVM. > Working on current Kali Linux, based on Jessie/sid. > Sorry I don't have version numbers at hand. > > HTH, YMMV! :) > > ~Marcello Woo Hoo! I can’t wait to test it! (-: (-: (-: