Encrypted system keyfile unlock with remote unlock
Hello all,
First post here, I apologize if this is not the right place.
I have an Arch system set up with an encrypted btrfs filesystem using subvolumes for /, /home and a swapfile. /boot is unencrypted. I am able to get the system to automatically unlock upon boot using a keyfile on a USB drive and the sd-encrypted hook.
I can also use the systemd-tool hook from mkinitcpio-systemd-tool to remotely unlock/un-encrypt the filesystem via ssh at boot.
However, what I would really like is to use the keyfile on the USB drive to boot, if present, and if not, fall back to waiting for the encryption password via ssh. I'm not sure if this is even possible, and if it is possible, not sure how to set it up. Does anyone know if this is doable or have any pointers?
Thanks, apologies again if I'm in the wrong place.