[dm-crypt] Using a keyfile with full disk encryption

Tim Kerby tkerby at pentaprism.org
Tue Oct 4 10:37:36 CEST 2016


I've enabled full disk encryption on a recent server install of Ubuntu (using the checkbox in the installer). This is there mainly for security when disks are replaced

Unfortunately, we've had a few power failures and the requirement to enter the passphrase for LUKS at the physical terminal is an issue. 

I'd be happy to keep a keyfile on a USB key or SD card as I could mount these internal to the server which is physically secured

Is there a method to ensure the USB key is mounted prior to the password prompt and adding the keyfile as an additional method at startup?

Thanks

Tim



More information about the dm-crypt mailing list