me
/
Usbcrypt
mirror of https://github.com/sheychen290/usbcrypt
1
0
Fork 0
Code Issues Releases Wiki Activity
[mkinitcpio] extention for encrypt hook
2 Commits
1 Branch
0 Tags
52 KiB
Shell 100%
 
Go to file
sheychen 3e3c4a8adc Initial version 2017-03-26 21:53:30 +02:00
LICENSE Initial commit 2017-03-26 20:27:28 +02:00
README.md Initial version 2017-03-26 21:53:30 +02:00
hooks-usbcrypt Initial version 2017-03-26 21:53:30 +02:00
install-usbcrypt Initial version 2017-03-26 21:53:30 +02:00

README.md

Usbcrypt

Usbcrypt add support for encrypted system with luks encrypted keyfile on external drive

Prerequisities

mkinitcpio

Installing

  • On existing encrypt boot
  • sdX0 : key partition
  • sdY0 : luks drive
  1. Create key on existing small partition
dd if=/dev/zero of=/dev/sdX0
cryptsetup luksFormat /dev/sdX0
cryptsetup open /dev/sdX0 key
dd if=/dev/random of=/dev/mapper/key
  1. Add the key to LUKS
cryptsetup luksAddKey /dev/sdY0 /dev/mapper/key
  1. Install Usbcrypt
git clone https://github.com/sheychen290/usbcrypt.git
cd usbcrypt
cp install-usbcrypt /usr/lib/initcpio/install/usbcrypt
cp hooks-usbcrypt /usr/lib/initcpio/hooks/usbcrypt
  1. Setup Usbcrypt
  • /etc/mkinitcpio.conf : Change encrypt hook to usbcrypt
  • mkinitcpio -P
  1. Boot options
usbcryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:key
  1. Remove old passphrase
cryptsetup luksRemoveKey /dev/sdY0