Linux

5342 readers

243 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago

MODERATORS

Ategon

anzo

dwraf_of_ignorance

[Question] Encrypted Partition Unlock via Root Unlocking (self.linux)

submitted 2 months ago by recursive_recursion to c/linux

9 comments fedilink hide all child comments

cross-posted from: https://programming.dev/post/19007507

For context:
I've encrypted the swap partition with:
cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap
And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.

Does anyone know if this is possible?
Just thought I'd ask to see if anyone's done this already

Links:

Dm-crypt Unlocking - With a keyfile embedded in the initramfs

Dm-crypt - Automated unlocking and mounting

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 4 days ago* (last edited 4 days ago)

@[email protected] @[email protected]
Thank you for your LVM on LUKS suggestion!
I was able to get it to work with GRUB and now it works in the same way as systemd where only 1 password input is required🤗

What I found to work is creating 3 partitions:

[p0] boot
[p1] EFI
[p2] Root [LVM on LUKS]

after encrypting and creating the required volumes on p2,

I formatted both p0 and p1 as FAT32
formatted rootvol as Btrfs
- mount rootvol to /mnt
  - mount p0 to /mnt/boot
    - mount p1 to /mnt/boot/efi

Now that the base system is done I'm working on a Detached LUKS USB system to further optimize for security after in which I'd be satisfied in knowing that if others use it they'll most likely be safe from most security hazards