My partition table is as follows:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 931.5G 0 disk
├─nvme0n1p1 259:1 0 1M 0 part
├─nvme0n1p2 259:2 0 640M 0 part /boot/efi
├─nvme0n1p3 259:3 0 1G 0 part
│ └─CryptBoot 254:4 0 1022M 0 crypt /boot
└─nvme0n1p4 259:4 0 929.9G 0 part
└─CryptLVM 254:0 0 929.9G 0 crypt
├─CryptContainer-SWAP 254:1 0 16G 0 lvm [SWAP]
├─CryptContainer-ROOT 254:2 0 160G 0 lvm /
└─CryptContainer-HOME 254:3 0 753.9G 0 lvm /home
I am trying to avoid having to enter LUKS passphrase twice. I have embedded the luks key for /dev/nvme0n1p4
inside initramfs
( /etc/initcpio/keys/
) and added a custom mkinitcpio
hook named decryption-keys
as shown below:
#!/bin/bash
# This is /etc/initcpio/install/decryption-keys
function build {
for file in /etc/initcpio/keys/*; do
add_file "$file" "/$(basename $file)" 0400
done
}
Since I am using sd-encrypt
I need to add rd.luks.key
to /etc/default/grub
, accordinfg to Archwiki : dm-crypt configuration. I tried rd.luks.key=rootfs:/CryptLVM.key
but that did not work and I still needed to enter the passphrase for CryptLVM
manually on boot. What am I doing wrong?