Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 925447

Summary: Luks key embedded to initramfs
Product: Gentoo Hosted Projects Reporter: Sergey Ilinykh <rion4ik>
Component: genkernelAssignee: Gentoo Genkernel Maintainers <genkernel>
Status: UNCONFIRMED ---    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: h
Whiteboard:
Package list:
Runtime testing required: ---

Description Sergey Ilinykh 2024-02-24 21:59:45 UTC 
I use full disk encryption where /boot is also encrypted.
So basically I enter passphrase once to decrypt /boot and load kernel/initramfs by grub, and then I use keyfile embedded to initramfs to properly setup root.

This all works well with current genkernel without any patches. But the problem is in genkernel's documentation. 
I had to read sources to understand all the procedure of luks setup in initramfs and how to provide there an embedded key. I would really prefer some doc/wiki file instead.

Basically what I did
1. create initramfs overlay and configure it it genkernel.conf
2. in the overlay put key file to "/mnt/key" directory
3. pass path to the key file relative to "/mnt/key" as root_key kernel parameter 
4. root_keydev can essentially have any value

So please update the genkernel docs with this info.

Some related links:
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
https://forums.gentoo.org/viewtopic-p-7263052.html

Reproducible: Always