luks : syslinux : usb
Setting up my NAS to be able to decrypt via key on a USB-drive, and falling back to password input after timeout.
The starting point is an already set up LUKS on LVM: sdd1 is the boot partition, sdd2 the LUKS container with / in it, and sdc1 the USB drive holding the key, with syslinux as the bootloader.
sdd
├─sdd1 ext4 1.0 BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB
└─sdd2 crypto_LUKS 2 CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC
sdc
└─sdc1 ext4 1.0 UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU
/boot/syslinux/syslinux.cfg
APPEND \
rd.luks.uuid=C-C-C-C \
rd.luks.key=C-C-C-C=/keyfile.bin:UUID=U-U-U-U \
rd.luks.options=C-C-C-C=keyfile-timeout=10s \
root=/dev/mapper/root rw
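Syslinux doesn't accept line breaks (i.e. spanning multiple lines is not valid), so make sure to set up everything on a single APPEND line. The options above are split across lines only for readability; C-C-C-C and U-U-U-U stand for the full UUIDs of sdd2 and sdc1.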
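An added example, not part of the original post: a small Python check for the two mistakes this setup invites, a wrapped APPEND line and rd.luks.* parameters that do not agree on the container UUID. The function name and both sample configs (including the LABEL and LINUX lines) are constructed; the `:UUID=` key-device suffix follows the systemd-cryptsetup-generator syntax.

```python
import re

# Placeholder UUIDs as used on this page; both configs below are constructed samples.
LUKS = "CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC"
USB = "UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU"
GOOD_CFG = (
    "LABEL nas\n"
    "  LINUX /vmlinuz\n"
    f"  APPEND rd.luks.uuid={LUKS} rd.luks.key={LUKS}=/keyfile.bin:UUID={USB} "
    f"rd.luks.options={LUKS}=keyfile-timeout=10s root=/dev/mapper/root rw\n"
)
BAD_CFG = (
    "LABEL nas\n"
    "  APPEND \\\n"
    f"  rd.luks.uuid={LUKS} \\\n"
    "  root=/dev/mapper/root rw\n"
)
KEY_RE = re.compile(r"([^=]+)=(/[^:]+):((?:UUID|LABEL)=.+)")

def check_syslinux_cfg(text):
    """Return a list of problems found on the APPEND lines of a syslinux.cfg."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0].upper() != "APPEND":
            continue
        if words[-1] == "\\":
            problems.append(f"line {n}: trailing backslash; APPEND must be one line")
        # Split each kernel parameter at its first '=' only.
        params = dict(w.partition("=")[::2] for w in words[1:])
        uuid = params.get("rd.luks.uuid")
        if not uuid:
            problems.append(f"line {n}: no rd.luks.uuid on this APPEND line")
            continue
        key = KEY_RE.fullmatch(params.get("rd.luks.key", ""))
        if not key:
            problems.append(f"line {n}: rd.luks.key is not <uuid>=<path>:UUID=<key device>")
        elif key.group(1) != uuid:
            problems.append(f"line {n}: rd.luks.key names a different container")
        opt_uuid, _, opts = params.get("rd.luks.options", "").partition("=")
        if opt_uuid != uuid or "keyfile-timeout=" not in opts:
            problems.append(f"line {n}: rd.luks.options lacks keyfile-timeout for {uuid}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CFG), ("bad", BAD_CFG)):
        print(name, check_syslinux_cfg(cfg) or "ok")
```

Run it against a copy of /boot/syslinux/syslinux.cfg before rebooting; an empty list means the APPEND line is on one line and all three rd.luks.* parameters refer to the same container.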
And that’s it.