[HEADS UP] Introduced "make initrd" and removed mkinitrd(8)

Aaron LI aly at aaronly.me
Sat Jun 9 18:19:17 PDT 2018

On Sat, 9 Jun 2018 09:30:25 -0700, Tim Darby <t+dfbsd at timdarby.net> wrote:
> ​Just curious, what do you do with a headless machine that has an encrypted
> root? I guess you could put the crypto key on a thumb drive​, but initrd
> doesn't have a provision for that.

I haven't tried such a setup (headless + encrypted root).  I have a VPS
running DFly with encrypted root, but I manually type the passphrase via the

The initrd currently doesn't provide such mechanisms to achieve the method
you said (by using a key on a USB stick), but it's not difficult to enhance
the initrd to do so by editing the /etc/rcmount_crypt in the initrd image.

I think the problem is that the headless root decryption is not well defined
(e.g., different people have very different needs) so it's hard to implement
the mechanism (Linux as well).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20180610/f0ee327d/attachment-0006.bin>

More information about the Users mailing list