Author: Mason Loring Bliss Date: To: g4sra CC: dng Subject: Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 07:57:46PM +0100, g4sra via Dng wrote:
> > If you include the "initramfs" option in /etc/crypttab, keys noted in
> > entries marked with that will be automatically included.
> Not in the scripts I had, they explicitly excluded any keys for the root
> filesystem because Debian Devs know better than me (including them in an
> initramfs is insecure).
Ah, sorry. I was thinking of filesystems to be unlocked, not key data
itself. I include "initramfs" in crypttab and I use passphrases on boot,
and that keyword is what enables the prompt for the filesystem(s) in
question. I sometimes have others that use keys that are on the encrypted
root, and those don't specify "initramfs" as they can wait until the normal
Only vaguely related, something I haven't played with yet that I'd like to: