CentOS 7: LUKS key on a USB drive
Plagiarized pretty much everything from this fantastic article:
https://forums.centos.org/viewtopic.php?t=53452
fdisk /dev/sdc
mkfs.ext3 /dev/sdc1
mkdir /boot/tmp
mount /dev/sdc1 /boot/tmp
cp mykeyfile /boot/tmp
grep linux16 /boot/grub2/grub.cfg
luks-…
cryptsetup luksAddKey /dev/disk/by-uuid/0501aed9-6234-484a-9faf-3a6882be00c6 /boot/tmp/mykeyfile
cryptsetup luksAddKey /dev/disk/by-uuid/1584e28a-5842-48b7-42c2-158a215dc31e /boot/tmp/mykeyfile
vi /etc/dracut.conf.d/usb-decrypt.conf
omit_dracutmodules+=" systemd "
filesystems+=" ext3 "
:wq!
dracut -fv
ls -l /dev/disk/by-uuid
vi /etc/default/grub
GRUB_CMDLINE_LINUX="<existing options> rd.luks.key=/mykeyfile:UUID=d6bad5c2-2616-49cc-bc8d-5cf1cdadff5d"
grub2-mkconfig -o /boot/grub2/grub.cfg
vi /usr/local/sbin/unmountsdc.sh
#!/bin/bash
umount -lf /dev/sdc1
:wq!
chmod 755 /usr/local/sbin/unmountsdc.sh
vi /etc/systemd/system/unmountsdc.service
[Unit]
Description=Unmount sdc
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/sbin/unmountsdc.sh
TimeoutStartSec=0
[Install]
WantedBy=default.target
:wq!
systemctl daemon-reload
systemctl enable unmountsdc.service
reboot
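A check that can be run just before the final reboot, added here as an example and not part of the original post or the linked article: it confirms that the rd.luks.key= argument is present and that its UUID names the USB filesystem rather than one of the LUKS containers given to luksAddKey. Function names are hypothetical and the sample UUIDs are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.
# Input is a kernel command line (a linux16 line from grub.cfg), not /etc/default/grub.

# Print "<keypath> <uuid>" from rd.luks.key=/path:UUID=<uuid>;
# exit status 1 if the argument is absent or has another form.
parse_luks_key() (
    set -f                      # no glob expansion while word-splitting $1
    for arg in $1; do
        case $arg in
            rd.luks.key=/*:UUID=?*)
                val=${arg#rd.luks.key=}
                printf '%s %s\n' "${val%%:UUID=*}" "${val##*:UUID=}"
                exit 0 ;;
        esac
    done
    exit 1
)

# Print the UUID of every rd.luks.uuid=luks-<uuid> argument, one per line.
luks_container_uuids() (
    set -f
    for arg in $1; do
        case $arg in
            rd.luks.uuid=luks-*) printf '%s\n' "${arg#rd.luks.uuid=luks-}" ;;
        esac
    done
)

# $1 = kernel command line, $2 = UUIDs currently present (ls /dev/disk/by-uuid).
# Prints one status word; returns 0 only when the key device looks usable.
check_key_device() {
    key=$(parse_luks_key "$1") || { echo missing; return 1; }
    uuid=${key#* }
    if luks_container_uuids "$1" | grep -Fxq -- "$uuid"; then
        echo is-luks-container; return 1   # LUKS UUID used instead of the USB filesystem UUID
    fi
    printf '%s\n' "$2" | grep -Fxq -- "$uuid" || { echo not-present; return 1; }
    echo ok
}

# Constructed sample input. On a live system use instead:
#   check_key_device "$(grep -m1 linux16 /boot/grub2/grub.cfg)" "$(ls /dev/disk/by-uuid)"
SAMPLE_CMDLINE='ro rd.luks.uuid=luks-11111111-1111-1111-1111-111111111111 rd.luks.key=/mykeyfile:UUID=22222222-2222-2222-2222-222222222222 quiet'
SAMPLE_PRESENT='11111111-1111-1111-1111-111111111111
22222222-2222-2222-2222-222222222222'
check_key_device "$SAMPLE_CMDLINE" "$SAMPLE_PRESENT"
```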
Awesome post! Keep up the great work! 🙂