3

I have a server which I set up with its root partition totally encrypted. I urgently need to disable the passphrase dialog at startup because it is not letting the server boot up after an electricity cut; it happened already.

Is there any way to make the system boot automatically into the encrypted system without asking for the passphrase? Maybe passing the passphrase as an argument to some kernel parameter; I have not found any info about something like this though. Thanks.

  • What type of encryption or what encryption software did you use? TrueCrypt and some others allow you to decrypt the drive on the fly (you will need a reboot to remove the bootloader). – Jim G. Aug 31 '12 at 23:37
  • What purpose would the encryption serve if anyone who could access the encrypted data could also access the key? – David Schwartz Sep 01 '12 at 01:49
  • @JimG. I am using dm-crypt. –  Sep 01 '12 at 02:47
  • @DavidSchwartz the purpose is irrelevant now, I need a quick solution. –  Sep 01 '12 at 02:47

1 Answer

5

If you have a key that's simply hard-coded and always available to the system, then you're essentially defeating the entire point of having the disk encrypted in the first place. If you're set on that approach, create a LUKS key file and attach it into the crypttab for that device. See here for instructions.

A better option might be to have a TPM chip handle the key; it can provide secure storage for the encryption key and automatically provide it when needed. See this question for more info.

Shane Madden
  • I have read but those instructions seem to work only if the root partition is unencrypted. –  Sep 05 '12 at 14:33
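
The key-file approach from the answer above, sketched as an added example (not code from the answer or from the instructions it links to). The mapping name, UUID and key path in the usage comment are constructed placeholders. How the key file is made available at early boot for an encrypted root is distribution-specific and is not shown.

```shell
#!/bin/sh
# Added example: key-file unlock for a LUKS (dm-crypt) volume.
# A key stored on the same machine protects nothing from someone who can
# read that machine's disk; permissions only limit who can read it at runtime.

# Create a 4096-byte random key file readable only by its owner.
make_keyfile() {
    keyfile=$1
    ( umask 077 && dd if=/dev/urandom of="$keyfile" bs=512 count=8 2>/dev/null ) || return 1
    chmod 0400 "$keyfile"
}

# Fail if the key file is missing or group/other have any access to it.
check_keyfile() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) echo "too permissive ($mode): $1" >&2; return 1 ;;
    esac
}

# Add the key file to a free LUKS key slot (prompts for an existing passphrase).
# Needs root and a real LUKS device, so it is defined here but never called.
enroll_keyfile() {
    cryptsetup luksAddKey "$1" "$2"    # $1 = device, $2 = key file
}

# Print a crypttab entry: <name> <device> <key file> <options>
crypttab_line() {
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# Typical order on a real system (placeholders, run as root):
#   make_keyfile /etc/keys/root.key
#   enroll_keyfile /dev/disk/by-uuid/<UUID> /etc/keys/root.key
#   crypttab_line cryptroot <UUID> /etc/keys/root.key >> /etc/crypttab
#   check_keyfile /etc/keys/root.key
```

The existing passphrase slot stays in place after `luksAddKey`, so the volume can still be unlocked by hand if the key file is lost.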