On Sunday, September 18, 2016 at 9:50:59 PM UTC+3, Connor Page wrote: > https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_crypto_luks_key_on_removable_device_support
Thanks for your reply. I am not skilled enough yet to understand the sections relating to "gpg", specifically, how to put them to use. Unfortunately after much experimentation only one "fix" seems to make my below setup work. These are the steps I have taken to attempt unlock via keyfile: - create keyfile of random data and move it to /boot. - add keyfile to LUKS keychain. " sudo cryptsetup luksAddKey /dev/disk/by-UUID/**** /boot/keyfile " - edit /etc/crypttab to look similar to this: " luks-**** UUID=**** /boot/keyfile luks " - checked to make sure dracut config contains the following: ' add_dracutmodules+="lvm crypt" ' - edited /etc/default/grub to add the following to GRUB_CMDLINE_LINUX: " rd.luks.key=/boot/keyfile:UUID=**** " - made sure "systemd" is an omitted module in dracut. - regenerated dracut and grub2 configurations. This was done in Qubes R3.2. Will attempt in 3.1 as well. Without omitting "systemd" module in dracut, the above setup does not work and qubes defaults to asking for a passphrase. Why it is this way, I do not know. Any more information anyone could provide on how this can be properly done is appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/245f9458-bf4d-480e-a155-b2ab97d71694%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.