Replies: 1 comment 2 replies
-
|
Don't know if it's the correct way. I'm a Kairos beginner, but this works for me (in the kairos-ubuntu image). stages:
initramfs:
- name: "Unlock encrypted devices"
commands:
- /usr/lib/systemd/systemd-cryptsetup attach data1 /dev/disk/by-uuid/1afad6eb-8180-4a18-9c77-637b30a8b0fa - fido2-device=auto
- /usr/lib/systemd/systemd-cryptsetup attach data2 /dev/disk/by-uuid/7cc9bcf3-f687-4b52-b5d4-9e302c6d264b - fido2-device=auto
- /usr/lib/systemd/systemd-cryptsetup attach data3 /dev/disk/by-uuid/68320ca3-4a87-4bcf-bd88-d9fee4299871 - fido2-device=auto |
Beta Was this translation helpful? Give feedback.
-
|
How do you go about creating the LUKS volumes initially? Are you creating those separately and prior to installing the image? I suspected that doing something similar or maybe just adding the devices to crypttab might do the trick. |
Beta Was this translation helpful? Give feedback.
-
|
@mudler bump on this old discussion thread. Can LUKS be used directly and unlocked via systemd-cryptenroll or systemd-cryptsetup? |
Beta Was this translation helpful? Give feedback.
-
Is it possible to use systemd-cryptenroll to unlock LUKS volumes with kairos? I do not see it referenced in the documentation as officially supported via the kairos cloud config schema. If the underlying distro uses systemd and the initrd has the necessary libraries in it, it seems like it should work though.
I am aware of the kairos kcrypt option available however I do not wish to use that to manage LUKS volume unlock.
Beta Was this translation helpful? Give feedback.
All reactions