{"id":20131291,"url":"https://github.com/qzed/luks-keyfile-dracut","last_synced_at":"2025-04-09T16:40:31.572Z","repository":{"id":100517981,"uuid":"240757476","full_name":"qzed/luks-keyfile-dracut","owner":"qzed","description":"Obsolete. Use the `rd.luks.key` option instead.","archived":false,"fork":false,"pushed_at":"2024-07-28T21:07:11.000Z","size":42,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T18:52:09.994Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qzed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-15T17:24:30.000Z","updated_at":"2024-07-28T21:07:15.000Z","dependencies_parsed_at":"2023-05-15T16:15:54.012Z","dependency_job_id":null,"html_url":"https://github.com/qzed/luks-keyfile-dracut","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qzed%2Fluks-keyfile-dracut","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qzed%2Fluks-keyfile-dracut/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qzed%2Fluks-keyfile-dracut/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qzed%2Fluks-keyfile-dracut/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qzed","download_url":"https://codeload.github.com/qzed/luks-keyfile-dracut/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248068849,"owners_count":21042568,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T20:47:27.036Z","updated_at":"2025-04-09T16:40:31.531Z","avatar_url":"https://github.com/qzed.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# luks-keyfile-dracut\n\n\u003e [!WARNING]  \n\u003e This project is obsolete. Use the [`rd.luks.key`](https://wiki.archlinux.org/title/Dm-crypt/System_configuration#rd.luks.key) option or the respective `/etc/crypttab` entry instead.\n\nFully automated unlock of LUKS encrypted partitions (including root partition) via a key file stored on a USB stick (or any partition in general), no user-interaction required.\n\nBased on https://github.com/raffaeleflorio/luks-2fa-dracut.\n\n## Motivation\n\nThe main motivation of this module is automated unlocking of encrypted LUKS partitions during boot.\nNote that this is essentially implies a trade-off between security and convenience.\nWith the convenience of a fully autonomous boot (that doesn't require any kind of network access like other similar solutions), you are forced to store the key unencrypted.\nThis project does not aim to provide bullet proof security, but rather a convenient way to have a small bit of security.\nSpecifically, this project was developed for a network attached storage setup, with the idea that destroying the key on a small USB stick is easier and a lot faster than over-writing large drives multiple times before decomissioning them.\n\n## Configuration\n\nDuring boot, specified partitions will be unlocked by reading a keyfile from a secondary partition, e.g. a USB stick.\nTo configure which paritions will be unlocked using what key, you will need to specify the following command line option (one per partition to be unlocked):\n```\nrd.luks.keyfile=UUID=keyfile_uuid:keyfile_path:UUID=target_uuid[:timeout[:mount_opts]]\n```\nThe options are\n- `keyfile_uuid`: UUID of the partition where the key file is stored.\n- `keyfile_path`: The path on the key file partition pointing to the key file.\n- `target_uuid`: The UUID of the partition to unlock.\n- `timeout`: A timeout in seconds.\n   When the timeout is reached, unlocking via key file will be aborted and the user will be asked for a bassword.\n- `mount_opts`: Mount options as specified in `/etc/fstab`.\n\nSee `/dev/disks/by-uuid/` for the partition UUIDs. These parameters will be translated by the systemd generator into a systemd service.\n\n## Setup\n\n### Via Package\n\nThere is a pre-built package available for Fedora in the [release](https://github.com/qzed/luks-keyfile-dracut/releases) section.\nThis package will automatically install and set-up the module.\nYou still need to configure it via the command line as described above.\n\n### Manual Installation\n\nInstallation:\n1. Set up your keyfile and make sure it can be used to decrypt the desired partition(s).\n2. Clone this repo (`git clone https://github.com/qzed/luks-keyfile-dracut.git`) and change into its directory.\n3. Install the module via `make install`.\n   A new initramfs will be automatically created with `dracut -fv`.\n4. Configure the kernel command line options, as described above, by adding your LUKS volume and key partiton via the `rd.luks.keyfile` parameter.\n   This can, for example, be done by editing `/etc/default/grub` if you use GRUB.\n\nRemoval:\n- Run `make uninstall`.\n  A new initramfs will be created automatically via `dracut -fv`:\n\n---\n\nTested on Fedora 31 (Server Edition).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqzed%2Fluks-keyfile-dracut","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqzed%2Fluks-keyfile-dracut","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqzed%2Fluks-keyfile-dracut/lists"}