CentOS 7: LUKS key on a USB drive

Plagiarized pretty much everything from this fantastic article:
https://forums.centos.org/viewtopic.php?t=53452

fdisk /dev/sdc
mkfs.ext3 /dev/sdc

mkdir /boot/tmp
mount /dev/sdc1 /boot/tmp

cp mykeyfile /boot/tmp

grep linux16 /boot/grub2/grub.cfg
luks-…

cryptsetup luksAddKey /dev/disk/by-uuid/0501aed9-6234-484a-9faf-3a6882be00c6 /boot/tmp/mykeyfile
cryptsetup luksAddKey /dev/disk/by-uuid/1584e28a-5842-48b7-42c2-158a215dc31e /boot/tmp/mykeyfile

vi /etc/dracut.conf.d/usb-decrypt.conf
omit_dracutmodules+=”systemd”
filesystems+=”ext3″
:wq!

dracut -fv

ls -l /dev/disk/by-uuid

vi /etc/default/grub
GRUB_CMDLINE_LINUX rd.luks.key=/mykeyfile:UUID=d6bad5c2-2616-49cc-bc8d-5cf1cdadff5d

grub2-mkconfig -o /boot/grub2/grub.cfg

vi /usr/local/sbin/unmountsdc.sh
#!/bin/bash
umount -lf /dev/sdc1
:wq!

chmod 755 /usr/local/sbin/unmountsdc.sh
vi /etc/systemd/system/unmountsdc.service
[Unit]
Description=Unmount sdc
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/sbin/unmountsdc.sh
TimeoutStartSec=0
[Install]
WantedBy=default.target
:wq!

systemctl daemon-reload
systemctl enable unmountsdc.service

reboot

One comment on “CentOS 7: LUKS key on a USB drive
  1. ExoRank says:

    Awesome post! Keep up the great work! 🙂

Leave a Reply