On Tue, Sep 29, 2020 at 07:57:46PM +0100, g4sra via Dng wrote:

> > If you include the "initramfs" option in /etc/crypttab, keys noted in
> > entries marked with that will be automatically included.
> >
>
> Not in the scripts I had, they explicitly excluded any keys for the root
> filesystem because Debian Devs know better than me (including them in an
> initramfs is insecure).

Ah, sorry. I was thinking of filesystems to be unlocked, not key data itself. I include "initramfs" in crypttab and I use passphrases on boot, and that keyword is what enables the prompt for the filesystem(s) in question. I sometimes have others that use keys that are on the encrypted root, and those don't specify "initramfs" as they can wait until the normal boot phase.

Only vaguely related, something I haven't played with yet that I'd like to: https://github.com/latchset/clevis

--
Mason Loring Bliss ma...@blisses.org
They also surf, who only stand on waves.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng