925447 – Luks key embedded to initramfs

Bug 925447 - Luks key embedded to initramfs

Summary: Luks key embedded to initramfs

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Hosted Projects
Classification:	Unclassified
Component:	genkernel (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	Gentoo Genkernel Maintainers

URL:	h
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-02-24 21:59 UTC by Sergey Ilinykh
Modified:	2024-02-24 21:59 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergey Ilinykh 2024-02-24 21:59:45 UTC

I use full disk encryption where /boot is also encrypted.
So basically I enter passphrase once to decrypt /boot and load kernel/initramfs by grub, and then I use keyfile embedded to initramfs to properly setup root.

This all works well with current genkernel without any patches. But the problem is in genkernel's documentation. 
I had to read sources to understand all the procedure of luks setup in initramfs and how to provide there an embedded key. I would really prefer some doc/wiki file instead.

Basically what I did
1. create initramfs overlay and configure it it genkernel.conf
2. in the overlay put key file to "/mnt/key" directory
3. pass path to the key file relative to "/mnt/key" as root_key kernel parameter 
4. root_keydev can essentially have any value

So please update the genkernel docs with this info.

Some related links:
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
https://forums.gentoo.org/viewtopic-p-7263052.html

Reproducible: Always