-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.txt
33 lines (27 loc) · 1.17 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Installation
============
Install dracut-network dropbear
dropbearkey -t rsa -s 3072 -f /etc/dracut-cryptssh/dropbear_rsa_host_key
Add to kernel commandline:
rd.ip=dhcp netroot=dhcp rd.cryptssh=1
Architecture
============
- Use dracut-network to setup network
- Modify 90crypt/cryptroot-ask
- Put unlock information into /root/.profile
- Terminate console prompt when volume is unlocked
- Requires wait_for_file, which requires ask_for_password to be
wrapped
- wait_for_file terminates process when watchfile exists
- Modify initramfs to run custom cryptroot-ask instead of original one:
- Start dropbear (no proper hook is available): It needs to be after
network module was loaded but before crypto devices are unlooked. Both
happens via udev
- Afterwards run modified script (see above)
References/Credits
==================
This dracut module is inspired by information found at the following URLs:
- http://roosbertl.blogspot.de/2012/12/centos6-disk-encryption-with-remote.html
- https://bitbucket.org/bmearns/dracut-crypt-wait
- https://github.com/rlwolfcastle/dracut-crypt-sshd
- https://bugzilla.redhat.com/show_bug.cgi?id=524727