Setting up my NAS to be able to decrypt via key on a USB-drive, and falling back to password input after timeout.

Having an already set up luks on lvm, with sdd1 being the boot partition, sdd2 the luks container with / in it, and sdc1 the USB-drive with the key on with syslinux as the bootloader.

sdd
├─sdd1  ext4         1.0  BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB
└─sdd2  crypto_LUKS  2    CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC

sdc
└─sdc1  ext4         1.0  UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU

/boot/syslinux/syslinux.cfg

APPEND \
rd.luks.uuid=C-C-C-C \
rd.luks.key=C-C-C-C=/keyfile.bin=U-U-U-U \
rd.luks.options=C-C-C-C=keyfile-timeout=10s \
root=/dev/mapper/root rw

Syslinux doesn’t accept linebreaks (i.e. spanning multiple lines is not valid), so make sure to setup everything on a single APPEND line. And that’s it.