On Mon, 2021-10-11 at 22:28 +0200, Mateusz Jończyk wrote: > Currently, it is not possible to use a keyfile to decrypt the root > file system.
I guess the reason is, that currently such key file would be simply added into the initramfs, from where everyone on the system could read it (and also from the temporary directories used when creating the initramfs image). Cheers, Chris.