keyscript option in crypttab ignored
The setup for unlocking an encrypted volume during boot using (only) a keyfile (on a detachable USB drive) usually calls for a keyscript to be specified as one of the encrypted volume’s options. But with systemd, such encrypted volumes can only be unlocked during boot by typing in a passphrase.
Steps to reproduce:
1. Have a LUKS encrypted volume.
2. Have said volume specified in /etc/crypttab, with keyscript= option pointing to your script for outputting the unlocking key.
3. Boot.
What I expect to happen:
To have the volume unlocked by the script at boot time without manual intervention.
What happens instead:
Plymouth shows a prompt to enter a valid passphrase for the volume.
Workarounds:
Apparently the options for unlocking encrypted drives, including keyscript, can also be specified at the kernel command-line, without crypttab, and according to yaantc at Hacker News [1] this can be used to work around the issue. I haven’t personally tried this.
* [1] https://news.ycombinator.com/item?id=8477913