My goal is to set up an SBC with DietPi as a NAS/CloudServer with a USB drive (sdb) for storage. I’d like a partition (sdb1) of the USB drive to be encrypted and I want to decrypt it using a USB thumb drive (sdc) holding a key-file (on sdc1 in /test-key.key).
I’m trying to use a keyscript specified in grub’s cryptopt in /etc/default/grub like this:
cryptopt=target=cryptusb,source=/dev/disk/by-uuid=<uuid of sdb1>,keyscript=/lib/cryptsetup/scripts/passdev,key=/dev/disk/by-uuid/<uuid of sdc1>:/test-key.key:5,tries=2
I’ve added the passdev script to initramfs through a script in /etc/initramfs-tools/hooks. I also copied cryptsetup to initramfs the same way. I’ve confirmed that they are present in initramfs with lsinitramfs.
But when I reboot the system with this config I get the message:
cryptsetup (cryptusb): lvm is not avaliable
printed repeatedly before it boots into initrd (if that’s what the initramfs environment is called). At this point I also get a message:
ALERT! /dev/disk/by-uuid/<uuid of sdb1> does not exist.
Check cryptopts=source= bootarg: cat/proc/cmdline
or missing modules, devices: cat /proc/modules: ls /dev
It seems to me that, for some reason, the USB drives are not detected in initrd. It doesn’t seem to be a problem outside of initrd, since exiting gets me into the normal bash-terminal and here my devices turn up without trouble.
Do I need to manually load something into initrd in order for the USB drives to be detected?
I’ve also tried following this guide but I end up with the following error during update-initramfs:
device-mapper: table ioctl on cryptusb failed: No such device or address
Command failed
cryptsetup: WARNING: failed to determine cipher modules to load for cryptusb
and then I get to the same point when I try to reboot the system. Any pointers how I can get the system to recognize my drives?
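
For checking a cryptopts value like the one in the post before rebooting, here is an added example (not part of the original post): a POSIX shell lint that splits the comma-separated options and the passdev key argument, which has the form `<device>:<path>[:<timeout>]`. The function names and UUIDs are made up for illustration, and the script only checks the shape of the strings, not whether the devices exist.

```shell
#!/bin/sh
# Added example: lint a cryptopts= value before rebooting into the initramfs.
# All UUIDs used below are constructed placeholders.

# Print the value of option $2 from the comma-separated cryptopts string $1.
cryptopt_get() {
    old_ifs=$IFS; IFS=,; set -f
    for kv in $1; do
        case $kv in
            "$2"=*) IFS=$old_ifs; set +f; printf '%s\n' "${kv#*=}"; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Split a passdev key argument "<device>:<path>[:<timeout>]" into its fields.
# Assumption: the device path itself contains no ':' (true for by-uuid paths).
passdev_split() {
    dev=${1%%:*}; rest=${1#*:}
    [ "$rest" != "$1" ] || return 1          # no ':' at all, so no key path
    path=${rest%%:*}; timeout=${rest#*:}
    [ "$timeout" != "$rest" ] || timeout=    # timeout field is optional
    printf 'dev=%s path=%s timeout=%s\n' "$dev" "$path" "$timeout"
}

# Classify a source= value by shape only; it does not touch /dev.
lint_source() {
    case $1 in
        /dev/disk/by-*/?*) echo ok ;;
        /dev/disk/by-*)    echo "malformed by-* path" ;;
        /dev/?*)           echo ok ;;
        *)                 echo unchecked ;;
    esac
}

# Print a short report for one cryptopts string.
cryptopts_report() {
    src=$(cryptopt_get "$1" source) || src=
    key=$(cryptopt_get "$1" key) || key=
    echo "source: ${src:-<missing>} [$(lint_source "$src")]"
    echo "key:    $(passdev_split "$key" || echo 'not in passdev form')"
}

# Constructed sample input with placeholder UUIDs.
cryptopts_report 'target=cryptusb,source=/dev/disk/by-uuid/1111-AAAA,keyscript=/lib/cryptsetup/scripts/passdev,key=/dev/disk/by-uuid/2222-BBBB:/test-key.key:5,tries=2'
```

A source written as `/dev/disk/by-uuid=<uuid>` instead of `/dev/disk/by-uuid/<uuid>` is reported as a malformed by-* path.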