I have moved from an Arch Linux setup to Fedora Silverblue. On my previous Arch system, I had it set up so that I could unlock my full disk encryption by booting with a USB stick attached, with the USB stick containing a key file. If the USB stick was not connected, then I would be prompted for the passphrase like normal.
I set this up by following the Arch wiki’s instructions. To summarise, I had to add
vfat as an early boot module for the initial ramdisk, and then had to edit my Systemd-boot configuration file to add the following kernel command-line arguments:
Now I am on Fedora Silverblue with GRUB, and have no previous experience with either. I have also not used Fedora Workstation before. I did a default installation via the installer, with full disk encryption and automatic partitioning. I therefore have a very typical install.
Could anyone please tell me what I need to do to set up something similar?
I took a look in my
/boot/ directory and found a GRUB configuration file there, but it seems to use different kernel command-line arguments, such as
rd.luks.uuid instead of
cryptdevice. I’m not sure if this is the right place to touch, as I believe there may be a GRUB configuration file elsewhere in
/etc/ from which the
/boot/ one gets generated? I’m also not sure exactly what I would need to change.
I can also see that the
/etc/crypttab file contains an entry for the full disk encryption, and the crypttab man page contains some information on pointing to a key file, but it sounds like it just takes an absolute path and that there’s no way to specify a USB disk that isn’t already mounted.
Could anyone help me out here? Thanks in advance.