[mkinitcpio] extention for encrypt hook
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
sheychen 3e3c4a8adc Initial version 4 years ago
LICENSE Initial commit 4 years ago
README.md Initial version 4 years ago
hooks-usbcrypt Initial version 4 years ago
install-usbcrypt Initial version 4 years ago

README.md

Usbcrypt

Usbcrypt add support for encrypted system with luks encrypted keyfile on external drive

Prerequisities

mkinitcpio

Installing

  • On existing encrypt boot
  • sdX0 : key partition
  • sdY0 : luks drive
  1. Create key on existing small partition
dd if=/dev/zero of=/dev/sdX0
cryptsetup luksFormat /dev/sdX0
cryptsetup open /dev/sdX0 key
dd if=/dev/random of=/dev/mapper/key
  1. Add the key to LUKS
cryptsetup luksAddKey /dev/sdY0 /dev/mapper/key 
  1. Install Usbcrypt
git clone https://github.com/sheychen290/usbcrypt.git
cd usbcrypt
cp install-usbcrypt /usr/lib/initcpio/install/usbcrypt
cp hooks-usbcrypt /usr/lib/initcpio/hooks/usbcrypt
  1. Setup Usbcrypt
  • /etc/mkinitcpio.conf : Change encrypt hook to usbcrypt
  • mkinitcpio -P
  1. Boot options
usbcryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:key
  1. Remove old passphrase
cryptsetup luksRemoveKey /dev/sdY0