mint_luks_encrypted_root_with_usb_unlock
This is an old revision of the document!
#!/bin/bash set -e # The script will exit if a command fails. read -r uuid usbmntpt <<< $(lsblk -o UUID,MOUNTPOINT | grep media) mntdest="$usbmntpt/mykeyfile" uuiddest="/dev/disk/by-uuid/$uuid:/mykeyfile" sudo dd bs=1M count=4 if=/dev/urandom of=$mntdest iflag=fullblock sudo chmod -v 0400 $mntdest device=$(sudo blkid --match-token TYPE=crypto_LUKS -o device) sudo cryptsetup luksAddKey $device $mntdest sudo cryptsetup luksOpen --test-passphrase --key-file $mntdest $device sudo cp /etc/crypttab /etc/crypttab.original sudo sed -i "s|none|$uuiddest|g" /etc/crypttab sudo sed -i "s|$|,discard,keyscript=/lib/cryptsetup/scripts/keyscript.sh,tries=4|" /etc/crypttab sudo wget -O /lib/cryptsetup/scripts/keyscript.sh \ https://raw.githubusercontent.com/filisko/cryptsetup-usb-keyscript/main/src/keyscript.sh sudo chown root:root /lib/cryptsetup/scripts/keyscript.sh sudo chmod 755 /lib/cryptsetup/scripts/keyscript.sh sudo update-initramfs -u echo "If all went well restart your computer."
mint_luks_encrypted_root_with_usb_unlock.1775762446.txt.gz · Last modified: by steve