On Tue, Sep 29, 2020 at 07:57:46PM +0100, g4sra via Dng wrote: > > If you include the "initramfs" option in /etc/crypttab, keys noted in > > entries marked with that will be automatically included. > > > > Not in the scripts I had, they explicitly excluded any keys for the root > filesystem because Debian Devs know better than me (including them in an > initramfs is insecure).
Ah, sorry. I was thinking of filesystems to be unlocked, not key data
itself. I include "initramfs" in crypttab and I use passphrases on boot,
and that keyword is what enables the prompt for the filesystem(s) in
question. I sometimes have others that use keys that are on the encrypted
root, and those don't specify "initramfs" as they can wait until the normal
boot phase.
Only vaguely related, something I haven't played with yet that I'd like to:
https://github.com/latchset/clevis
--
Mason Loring Bliss ma...@blisses.org
They also surf, who only stand on waves.
signature.asc
Description: PGP signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
