[HEADS UP] Introduced "make initrd" and removed mkinitrd(8)

Aaron LI aly at aaronly.me
Sat Jun 9 18:19:17 PDT 2018


On Sat, 9 Jun 2018 09:30:25 -0700, Tim Darby <t+dfbsd at timdarby.net> wrote:
>
> ​Just curious, what do you do with a headless machine that has an encrypted
> root? I guess you could put the crypto key on a thumb drive​, but initrd
> doesn't have a provision for that.
> 

I haven't tried such a setup (headless + encrypted root).  I have a VPS
running DFly with encrypted root, but I manually type the passphrase via the
console.

The initrd currently doesn't provide such mechanisms to achieve the method
you said (by using a key on a USB stick), but it's not difficult to enhance
the initrd to do so by editing the /etc/rcmount_crypt in the initrd image.

I think the problem is that the headless root decryption is not well defined
(e.g., different people have very different needs) so it's hard to implement
the mechanism (Linux as well).


Cheers,
-- 
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20180610/f0ee327d/attachment-0006.bin>


More information about the Users mailing list