This really should not be marked Invalid since it represents a very real regression on recommended and documented functionality that many installs using LUKS rely upon. Workarounds of varying security quality abound as a result instead of a single, well designed and integrated solution.
Indeed, in December 2020 Lennart Poettering created a simple patch for this by extending the cryptsetup code to read an AF_SOCKET [1] and recommended linking that with a system-service that sets StandardOutput=socket [2][3] where the key data can be read from. [1] hasn't been merged into systemd as yet but with some additional push upstream that could likely happen. [1] https://github.com/poettering/systemd/commit/e2c2f868b28f1445e061bf7eb475b0c49efe3ac2 [2] https://github.com/systemd/systemd/pull/3007#issuecomment-710212323 [3] https://github.com/systemd/systemd/pull/3007#issuecomment-713860129 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451032 Title: keyscript option in crypttab not implemented To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1451032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
