On Sat, 9 Jun 2018 09:30:25 -0700, Tim Darby <t+df...@timdarby.net> wrote:
>
> Just curious, what do you do with a headless machine that has an encrypted
> root? I guess you could put the crypto key on a thumb drive, but initrd
> doesn't have a provision for that.
>
I haven't tried such a setup (headless + encrypted root). I have a VPS running DFly with encrypted root, but I manually type the passphrase via the console.

The initrd currently doesn't provide such mechanisms to achieve the method you said (by using a key on a USB stick), but it's not difficult to enhance the initrd to do so by editing the /etc/rcmount_crypt in the initrd image.

I think the problem is that the headless root decryption is not well defined (e.g., different people have very different needs) so it's hard to implement the mechanism (Linux as well).

Cheers,
--
Aaron