This is an old revision of the document!


Work in progress!!!

Disclaimer: I only tried this with the LIME2 hardware

The goal of this howto is to be able to unlock the rootfs of the encrypted version of the Internet Cube by using a USB key, as an alternative to providing the passphrase (in my case, because I can't unlock the rootfs through the network)

Introduction

There are different ways of unlocking a LUKS partition, for example with a passfile on a USB stick.

I decided to use a USB key, a devoted USB stick filled with random data containing the content of the keyfile, already documented on the internet (for example here). The summary of the steps I followed will be pretty much the same, except for the last issue I faced which was more specific to the Internet Cube.

I started from an already working instance of the Cube.

Preparation of the USB key

I filled a (small) USB stick with random data:

dd if=/dev/random of=/dev/sdX

where sdX is the device corresponding to the USB stick

Note: I didn't create any partition on it, it is just plain random data.

Preparation of the LUKS disk

Configuration of the boot system

Reboot

  • howto/unlock_cryptroot_usb.1486476861.txt.gz
  • Last modified: 2018/12/08 22:28
  • (external edit)