Thank you, Martin. Just to provide the larger context of what I am trying to do:

Root Filesystem Encryption (unlock using passphrase) during boot
- I want to achieve this without using a custom kernel. This seems to be 
possible since the fs ramdisk-cgdroot.fs in boot.cfg(5) obviates the need for a 
custom kernel module with the ramdisk embedded. However, there is no guidance 
on this on the wiki/man pages.
- I have an EFI boot partition but also another user-defined partition (/xyz) 
that is not encrypted. I can make this bootable if there’s any utility to doing 
so.

Once Root Filesystem Encryption is stable (unlock with passphrase during the 
boot process), I’d like to have the option to perform the passphrase-based 
“unlock” of the root partition via SSH (and subsequently complete the boot 
process).

-Arvind

> On Apr 30, 2024, at 3:48 AM, Martin Husemann <mar...@duskware.de> wrote:
>
> On Mon, Apr 29, 2024 at 07:12:16PM +0000, Arvind wrote:
>
>> Sure, was just using the linux remote unlock as an example of what
>> we're trying to get configured (after encrypting the root partition
>> with passphrase unlock). Any help from the group would be much
>> appreciated.
>
> It should be relatively simple to add that to the root partition setup
> with a few rc.d scripts and a bit of sshd setup (but there seems to be
> no plug+play pkg for it nor a quick howto documentation).
>
> We also should support the auto-booting clevis + tang alternative (but
> both lack a pkg and again there should be a short howto documentation).
>
> Has anyone done one or the other and would like to share details?
>
> Martin
