Full_Disk_Encryption_Howto_2019 - Community Help Wiki
$ sudo su -
# apt install -y cryptsetup-initramfs
# echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
# echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
The encrypted drive is assumed to be /dev/sdb1.
# mkdir /etc/luks
# dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1
1+0 records in
1+0 records out
512 bytes (0.5 kB, 0.5 KiB) copied, 0.0002368 s, 17.3 MB/s
# chmod u=rx,go-rwx /etc/luks
# chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# cryptsetup luksAddKey /dev/sdb1 /etc/luks/boot_os.keyfile
Enter any existing passphrase:
# echo "LUKS_BOOT UUID=$(blkid -s UUID -o value /dev/sdb1) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
Write the mount settings to fstab. Reference: dm-crypt/System configuration - ArchWiki
# nano /etc/fstab
/dev/mapper/[name] /mnt/[mount point]/ ext4 defaults,errors=remount-ro 0 2
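
An added check for the steps above (not from the original page or the referenced wikis): POSIX shell functions that audit the keyfile directory and keyfile modes, the effective UMASK in initramfs.conf, and the keyfile paths named in crypttab. The function names are hypothetical, GNU `stat -c` is assumed, and every path is passed as an argument so the checks can be tried on copies first.

```shell
#!/bin/sh
# Added example (not from the page): audit the keyfile setup described above.
# Assumptions: GNU stat (stat -c); function names are hypothetical.

finding() { echo "FINDING: $*"; FAILED=1; }

# Directory must be u=rx,go-rwx (500); each *.keyfile must be u=r,go-rwx (400).
audit_keydir() {
    dir=$1 FAILED=0
    [ -d "$dir" ] || { finding "$dir is missing"; return 1; }
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = 500 ] || finding "$dir has mode $mode, expected 500"
    for kf in "$dir"/*.keyfile; do
        [ -e "$kf" ] || { finding "no *.keyfile in $dir"; break; }
        mode=$(stat -c '%a' "$kf")
        [ "$mode" = 400 ] || finding "$kf has mode $mode, expected 400"
    done
    return "$FAILED"
}

# initramfs.conf is sourced as shell, so the last UMASK= assignment wins.
# Anything other than 0077 can leave the image holding the keyfile readable
# by other users.
audit_initramfs_umask() {
    conf=$1
    last=$(sed -n 's/^UMASK=//p' "$conf" | tr -d '"' | tail -n 1)
    [ "$last" = 0077 ] && return 0
    echo "FINDING: $conf sets UMASK='$last', expected 0077"
    return 1
}

# Each crypttab entry whose key field lies under $dir must name an existing file.
audit_crypttab() {
    tab=$1 dir=$2 rc=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $key in
            "$dir"/*) [ -f "$key" ] || { echo "FINDING: $name: $key not found"; rc=1; } ;;
        esac
    done < "$tab"
    return "$rc"
}
```

On the system configured above, run as root: `audit_keydir /etc/luks; audit_initramfs_umask /etc/initramfs-tools/initramfs.conf; audit_crypttab /etc/crypttab /etc/luks`.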