
Does anyone know how to unlock the LUKS encrypted partition using a key script? The idea is to run the keyscript in order to retrieve the key stored in the TPM's NVRAM and supply that to the LUKS encrypted partition. I'm using systemd-boot. I tried to use the crypttab settings below, but every time I reboot, it asks for manual input:

# <target name> <source device>         <key file>      <options>
encrypted_disk UUID=04a7e1c5-c3c7-4008-8058-7a3046811c01 none luks,keyscript=/etc/dummyScript.sh

What I need is a fully automated unlock, with the key script helping to unlock it. Thank you.

T08
  • Have you found this already, https://askubuntu.com/a/1149273/1474576? – frippe Mar 01 '22 at 06:07
  • Yes, I did. I have tried the method and it doesn't work. I tried to find out the reason, and it eventually pointed to the fact that systemd boot doesn't support keyscript in /etc/crypttab. I had to refer to: https://yuhei1-horibe.medium.com/mounting-encrypted-root-filesystem-753e44757794, and yup, it works somehow. – T08 Mar 02 '22 at 01:06
  • The idea is to state the parameter "cryptopts" in the kernel cmdline instead of "keyscript" in the /etc/crypttab file. – T08 Mar 02 '22 at 01:07
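
An added example, not from the question, its comments or the linked articles: a keyscript of the kind the question describes, following the Debian/Ubuntu cryptsetup initramfs convention that a keyscript writes the key to stdout. The NV index `0x1500016`, the `TPM_NV_INDEX`, `NVREAD` and `ASKPASS` variables and the function names are assumptions; `tpm2_nvread` is called with tpm2-tools 4.x or later syntax.

```shell
#!/bin/sh
# Added example keyscript: prints the LUKS key on stdout for cryptsetup.
# Assumptions: the key was stored beforehand in NV index 0x1500016 (constructed
# value) and tpm2-tools >= 4 is available inside the initramfs.

TPM_NV_INDEX="${TPM_NV_INDEX:-0x1500016}"      # assumed index holding the key
NVREAD="${NVREAD:-tpm2_nvread}"                # overridable so it can be tested
ASKPASS="${ASKPASS:-/lib/cryptsetup/askpass}"  # Debian/Ubuntu passphrase prompt

# Write the key stored in TPM NVRAM to stdout.
# Returns non-zero, and prints nothing, if the read fails or yields no data.
read_tpm_key() {
    umask 077
    # Buffer the read so a failed attempt never emits a partial key.
    tmp=$(mktemp) || return 1
    if "$NVREAD" "$TPM_NV_INDEX" >"$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        cat "$tmp"
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Try the TPM first; fall back to an interactive prompt so the machine stays
# bootable when the TPM is cleared or the index is missing.
emit_key() {
    if read_tpm_key; then
        return 0
    fi
    echo "keyscript: TPM NV read failed, asking for passphrase" >&2
    "$ASKPASS" "Passphrase for encrypted_disk: "
}

# Run only when installed under the name used in the question's crypttab line,
# so the functions above can also be sourced without side effects.
case "${0##*/}" in
    dummyScript.sh) emit_key ;;
esac
```

Unless the NV index is defined with an authorization or PCR policy, any OS booted on that machine can read the key the same way this script does.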

0 Answers