On Tuesday, August 21, 2018 at 12:31:26 PM UTC+1, Unman wrote: > On Tue, Aug 21, 2018 at 02:23:56AM -0700, tierl...@gmail.com wrote: > > Is this possible? Can dracut be configured to decrypt a LUKS volume with a > > detached header? > > > > I think that dracut generally wants to have a UUID, and with a detached > header you won't have one. You could use the serial number. > You'll also need to add a udev attribute for crypto_LUKS, I think. > I recall reading someone who did have dracut working in this setup, but > it needed some changes to the crypt module. > You could always specify the header file and key file in the kernel > command line using cryptdevice and cryptkey options.
--> "You could always specify the header file and key file in the kernel command line using cryptdevice and cryptkey options." Interesting, what would that look like? Something like this? (lifted from Gentoo forums): root=/dev/ram0 real_root=/dev/mapper/vg-root cryptdevice=/dev/sda4:crypt But doesn't that just specify the LUKS volume? How can explicitly specify the location of the header file? Is it possible to build a custom initramfs with mkinitcpio (or another) without having to recompile the kernel? I'm assuming yes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16899c5a-0dd9-4a59-a651-d646ca398cb2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
