Full Disk Encryption Luks with USB keyfile and fallback to passphrase

Nikosis · 09-13-2020, 07:42 PM

I have a bit of a problem getting this to work. I have 2 key slots on my luks, one for passphrase, another for a keyfile.
here is my :

cat /etc/crypttab

Code:

sda5_crypt UUID=a928ff73-50f1-44e4-80e1-03b79905d294 UUID=341785d4-e610-49c8-b4ac-a0ec71362f21:/KLinux/keyfile.key luks,noauto,keyscript=passdev

cat /etc/fstab

Code:

# /dev/mapper/cryptolinux-cryptroot                /                       ext4                errors=remount-ro            0       1
  UUID=853af3dc-9042-4144-91d1-a58dfa95b513        /                       ext4                errors=remount-ro            0       1
# /boot was on /dev/sda1 during installation
  UUID=ef571281-d77f-4822-8786-b00c6b94dbb6        /boot                   ext4                defaults                     0       2
  /dev/mapper/cryptolinux-crypthome                /home                   ext4                defaults                     0       2
  /dev/mapper/cryptolinux-cryptswap                 none                   swap                sw                           0       0
  /dev/sr0                                                                /media/cdrom0        udf,iso9660 user,noauto      0       0
  UUID=341785d4-e610-49c8-b4ac-a0ec71362f21       /mnt/usb                 auto                user,noauto                  0       0

lsblk -o name,uuid,mountpoint

Code:

NAME                        UUID                                   MOUNTPOINT
sda                                                                
├─sda1                      ef571281-d77f-4822-8786-b00c6b94dbb6   /boot
├─sda2                                                             
└─sda5                      a928ff73-50f1-44e4-80e1-03b79905d294   
  └─sda5_crypt              jLtERN-KGRK-fasi-PWh0-BRjV-e7Ew-8UFRPM 
    ├─cryptolinux-cryptroot 853af3dc-9042-4144-91d1-a58dfa95b513   /
    ├─cryptolinux-cryptswap 2e1226c7-124f-40f5-ad7b-5eae802b4fc3   [SWAP]
    └─cryptolinux-crypthome 7b7a2296-ccea-4a02-a201-c2a78787bbb1   /home
sdb                                                                
└─sdb1                      341785d4-e610-49c8-b4ac-a0ec71362f21

after restart nothing happens though, it's just stuck on splash screen, what am I missing here?

Also on my previous install of 2020.2 I could boot it with keyfile on USB, but if usb was not present it did not fallback to passphrase option.

Did anyone get this working?

UPDATE

Now on top of everything I can't even update initramfs anymore

Code:

cryptsetup: WARNING target 'sda5_crypt' not found in /etc/crypttab

I appreciate any help
Thx

smallpond · 09-14-2020, 09:02 AM

To find the problem, boot with debug cmdline options: remove quiet, and set log_level=6. If you have a serial line, add "console=tty0 console=ttyS0,115200n8" to send messages to the serial port. Capture the output on a separate system running miniterm or putty. I use a USB serial cable.

Typical problem is a module that is not included or not being loaded by initrd. It's best to have initrd drop to a shell when it can't mount the root filesystem.