From 3fb9a15a88b17149c70ed00fdde4e69e3046a1af Mon Sep 17 00:00:00 2001 From: Arthur Heymans Date: Tue, 09 Jun 2015 14:06:13 -0400 Subject: The patch for encrypt hook in is not needed. Just use cryptkey=rootfs:/path/to/key Signed-off-by: Arthur Heymans --- (limited to 'docs') diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 1538b9a..edd7810 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -589,16 +589,8 @@

Using the above installation method, you will have to unlock the encrypted file system twice (once in GRUB, and again when booting Parabola). - To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted. - You will need to apply a patch for this to work, until the patch is merged upstream. - Every time the mkinitcpio package is updated, you will need to re-apply the patch (recommended) - or add mkinitcpio to HoldPkg in /etc/pacman.conf (not recommended). -
- Download the encrypt.patch file from this page: - FS#31877
- Patch the encrypt hook:
- # patch /usr/lib/initcpio/hooks/encrypt /path/to/encrypt.patch
- Create a Keyfile:
+ To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted.
+ First create a keyfile:
# dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile iflag=fullblock
Add the keyfile to the Luks Device:
# cryptsetup luksAddKey /dev/sdX /etc/mykeyfile
@@ -607,7 +599,7 @@ Re-create the initramfs image:
# mkinitcpio -p linux-libre
Reboot and add the following to the kernel command line in GRUB:
- # cryptkey=initramfs:/etc/mykeyfile
+ # cryptkey=rootfs:/etc/mykeyfile

If everything works as expected, permanently add the kernel parameter to the GRUB config using the instructions at grub_cbfs.html. -- cgit v0.9.1