F36 Encrypted Root With Automatic Key Unlocking

Ask Fedora
,
1

Hello!
Is anyone else using the guide Fedora Encrypted Root With Automatic Key Unlocking?

I’m using a cleartext partition on the same disk – the intent here is not to prevent Evil Maid attacks but to have encryption at rest.

The instructions have worked so far but for some reason on a clean install of F36 I’ve failed to get them to work. Since I made a clean install, it is possible it is an error on my part.

So: has anyone got working auto-unlocking LUKS on F36, either from an unencrypted USB pen or from an unencrypted partition on an internal disk?

2

I have it working, with the key on an unencrypted USB drive. In fact this was working on F35 and the upgrade to F36 went smoothly, it just kept on working :slight_smile: I’m pretty sure I used that blog post you linked as the starting point as well.

3

You’re right. It was PEBCAK.
I had

GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-926ee4d1-4cd8-43d7-97a3-07d41ed2a742  rd.luks.key=**luks**-926ee4d1-4cd8-43d7-97a3-07d41ed2a742=/my.luks.key:LABEL=keys rd.luks.options=**luks**-926ee4d1-4cd8-43d7-97a3-07d41ed2a742=keyfile-timeout=45s rhgb quiet"

instead of

GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-926ee4d1-4cd8-43d7-97a3-07d41ed2a742  rd.luks.key=926ee4d1-4cd8-43d7-97a3-07d41ed2a742=/my.luks.key:LABEL=keys rd.luks.options=926ee4d1-4cd8-43d7-97a3-07d41ed2a742=keyfile-timeout=45s rhgb quiet"

and only now I noticed it.