I am currently trying to auto set the password during the start/boot process to automatically decrypt the encrypted drive to continue the boot process (until login).
VM: Oracle VirtualBox
OS: Rocky 9.1
I have done the following configurations in the installation process:
- set the storage configuration to automatic during installation
- selected encryption and set a password
After that I updated the following entry in the file /etc/crypttab (I did not change the name or uuid of the drive and kept the automatically generated name/uuid).
- entry none to /etc/luks-keys/passwort or /boot/luks-keys/passwort
- luks,discard
- after that I updated the initramfs with
sudo dracut -f
- give rights for root to read from the file (-rw------- root root)
What I have tried so far:
- other combinations (only discard) and other locations of the password file
- checked the paths for spelling mistakes
- the password does not contain special characters or spaces
- password entry with quotes and without quotes
- the service under systemctl status systemd-cryptsetup@luks\…{uuid} is also running
After the system boots it also asks me for the password and the password works fine. I can log in successfully after that.
When I look at the logs from journalctl it also gives an error: failed to activate, key file ‘/boot/luks-keys/password’ missing.
Do I need to update another configuration for the GRUB bootloader in the file /etc/default/grub in the line for GRUB_CMDLINE_LINUX="…"?
I am aware that the password is plain in the file and it is not encrypted yet. My primary concern is to be able to demonstrate the functionality.
I’m a little out of ideas at the moment as to what this could be. Does anyone have a tip/suggestion? Or can someone even guide me a bit on how I can implement this?
I wish you all a good start to the weekend
PS: Here is a snippet of the log: