arch is usually a great resource for information. Even if it is not the same distro. I have found it usually gives me a great start to work from when something weird comes up.

On Fri, Feb 5, 2021 at 8:18 AM Sebastian via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:

Is anyone familiar with how to boot Ubuntu, and make grub use the key-file on the USB that is plugged into it?
I'm trying to not need to type in the password on the device when it boots, but still have an encrypted root partition.
If not, how do people keep drives encrypted in production environments when using Ubuntu? (Could answer this as well, "if so", since this is just my guess for what production environments use)

(because this is what online searches bring)
I do not mean:
Boot from an encrypted USB.
Decrypt and mount an encrypted volume at boot AFTER typing in the decryption password for root once already.
Encrypt boot partition as well as root.

Everything I found online was one of the above three things, or is Arch and doesn't apply to Ubuntu.

I thought "eh, just do it the same way as Arch in boot parameters, as they both use grub, right?", but that didn't work...
(cryptkey=devID:filesystem:fileLocation cryptdevice=devID:decrypt_root root=/dev/mapper/decrypt_root => update-grub)

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss


--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen