Hi everyone !
I have a laptop with a fresh install of Fedora 30 with
- a LUKS 2 encrypted LVM on an SSD,
- an additional LUKS 2 encrypted HDD for data
I added the second drive to fstab/crypttab and both are automatically decrypted on boot because they have the same password and as I understand plymouth passes on the entered password to all mapped luks volumes, so I do not use any keyfile.
I would like to be able to ALSO boot the system using just a USB key with a keyfile on it, without entering a password. All the guides that I found were outdated or involved creating scripts (not sure how those survive system upgrades) or modifying the crypttab entry to search for the keyfile, (thus losing password login), or booting from the USB which is not convenient… is there a native way to do this, using LUKS keyslot features ? like just adding the usb to FSTAB and adding a keyfile on it mapped to the luks keyslots ?
thanks everyone !