[mkinitcpio] extention for encrypt hook

Go to file

sheychen 3e3c4a8adc Initial version		6 years ago
LICENSE	Initial commit	6 years ago
README.md	Initial version	6 years ago
hooks-usbcrypt	Initial version	6 years ago
install-usbcrypt	Initial version	6 years ago

README.md

Usbcrypt

Usbcrypt add support for encrypted system with luks encrypted keyfile on external drive

Prerequisities

mkinitcpio

Installing

On existing encrypt boot
sdX0 : key partition
sdY0 : luks drive

Create key on existing small partition

dd if=/dev/zero of=/dev/sdX0
cryptsetup luksFormat /dev/sdX0
cryptsetup open /dev/sdX0 key
dd if=/dev/random of=/dev/mapper/key

Add the key to LUKS

cryptsetup luksAddKey /dev/sdY0 /dev/mapper/key

Install Usbcrypt

git clone https://github.com/sheychen290/usbcrypt.git
cd usbcrypt
cp install-usbcrypt /usr/lib/initcpio/install/usbcrypt
cp hooks-usbcrypt /usr/lib/initcpio/hooks/usbcrypt

Setup Usbcrypt

/etc/mkinitcpio.conf : Change encrypt hook to usbcrypt
mkinitcpio -P

Boot options

usbcryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:key

Remove old passphrase

cryptsetup luksRemoveKey /dev/sdY0