{"id":4736,"date":"2015-05-02T16:10:51","date_gmt":"2015-05-02T13:10:51","guid":{"rendered":"http:\/\/mummila.net\/kommentit\/?p=4736"},"modified":"2015-05-02T16:15:46","modified_gmt":"2015-05-02T13:15:46","slug":"keyscript-option-in-crypttab-ignored","status":"publish","type":"post","link":"https:\/\/mummila.net\/kommentit\/2015\/05\/02\/keyscript-option-in-crypttab-ignored\/","title":{"rendered":"keyscript option in crypttab ignored"},"content":{"rendered":"<p>The setup for unlocking an encrypted volume during boot using (only) a keyfile (on a detachable USB drive) usually calls for a keyscript to be specified as one of the encrypted volume&#8217;s options. But with systemd, such encrypted volumes can only be unlocked during boot by typing in a passphrase.<\/p>\n<p>Steps to reproduce:<br \/>\n1. Have a LUKS encrypted volume.<br \/>\n2. Have said volume specified in \/etc\/crypttab, with keyscript= option pointing to your script for outputting the unlocking key.<br \/>\n3. Boot.<\/p>\n<p>What I expect to happen:<br \/>\nTo have the volume unlocked by the script at boot time without manual intervention.<\/p>\n<p>What happens instead:<br \/>\nPlymouth shows a prompt to enter a valid passphrase for the volume.<\/p>\n<p>Workarounds:<br \/>\nApparently the options for unlocking encrypted drives, including keyscript, can also be specified at the kernel command-line, without crypttab, and according to yaantc at Hacker News [1] this can be used to work around the issue. I haven&#8217;t personally tried this.<\/p>\n<p>* [1]\u00a0https:\/\/news.ycombinator.com\/item?id=8477913<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With systemd, encrypted volumes with a key on a USB drive can only be unlocked during boot by typing in a passphrase.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8860],"tags":[12646],"class_list":["post-4736","post","type-post","status-publish","format-standard","hentry","category-vianhallintajarjestelmat","tag-systemd","sijainti-launchpad"],"_links":{"self":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/4736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/comments?post=4736"}],"version-history":[{"count":4,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/4736\/revisions"}],"predecessor-version":[{"id":4740,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/4736\/revisions\/4740"}],"wp:attachment":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/media?parent=4736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/categories?post=4736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/tags?post=4736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}