[dm-crypt] Using a keyfile with full disk encryption

Tim Kerby me at tkerby.uk
Tue Oct 4 10:08:07 CEST 2016


I've enabled full disk encryption on a recent server install of Ubuntu (using the checkbox in the installer). This is there mainly for security when disks are replaced

Unfortunately, we've had a few power failures and the requirement to enter the passphrase for LUKS at the physical terminal is an issue. 

I'd be happy to keep a keyfile on a USB key or SD card as I could mount these internal to the server which is physically secured

Is there a method to ensure the USB key is mounted prior to the password prompt and adding the keyfile as an additional method at startup?

Thanks

Tim


More information about the dm-crypt mailing list