
mkinitramfs

A simple script for generating an initramfs for encrypted root disks.

Usage

  • Create encrypted disk or partition using cryptsetup

  • Create ~/.config/mkinitramfs/disks.json file with similar content to:

    {
        "name": {
           "uuid": "disk-uuid",
           "key": "key-filename"
        },
        ...
    }

    where every entry is keyed by a disk name (name in this case) and has two attributes: the disk/partition UUID and the key filename.

  • Provide a key file for the disk/partition. The assumption is that it is a file encrypted using ccrypt, instead of a plain file or password-protected LUKS. Keys are looked up using the provided path, i.e.

    {
        "laptop": {
           "uuid": "88b99002-028f-4744-94e7-45e4580e2ddd",
           "key": "/full/path/to/the/laptop.key"
        },
        "desktop": {
           "uuid": "23e31327-1411-491c-ab00-c36f74c441f1",
           "key": "desktop.key"
        },
        "pendrive": {
           "uuid": "1453a45e-ca3f-4d39-8fd7-a6a96873c25c",
           "key": "../pendrive.key"
        }
    }

    so yes, the key file can be given as an absolute or relative path. If no key is found there, it is looked for in the path specified by the --key-path | -k parameter, which defaults to $XDG_CONFIG_HOME/mkinitramfs/keys (usually ~/.config/mkinitramfs/keys).

  • Move mkinitramfs.py script to some location in your $PATH (like ~/bin)

  • Invoke mkinitramfs.py script:

    # mkinitramfs.py laptop
    

    That command will generate the initramfs, copy the key, make the appropriate change in the init script, and compress it with cpio.

    With the --install | -i parameter, the initramfs will be automatically installed in /boot with the appropriate links. Note that old images (those with the .old suffix in the filename) will be removed in that case.
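The check below is an added example, not part of mkinitramfs itself: it audits a disks.json mapping before an image is built, following the key lookup described above (path as given, then the key directory). It assumes relative key paths are resolved against the current directory and that the fallback matches on file name only; the function names and the permission check are hypothetical additions.

```python
import json
import os
import stat
import tempfile
import uuid
from pathlib import Path

def default_key_dir():
    # Default stated in the README: $XDG_CONFIG_HOME/mkinitramfs/keys
    base = os.environ.get("XDG_CONFIG_HOME") or str(Path.home() / ".config")
    return Path(base) / "mkinitramfs" / "keys"

def resolve_key(key, key_dir, cwd):
    # Assumption: try the path as given (relative to cwd), then key_dir/<file name>.
    direct = Path(key) if os.path.isabs(key) else Path(cwd) / key
    for candidate in (direct, Path(key_dir) / Path(key).name):
        if candidate.is_file():
            return candidate.resolve()
    return None

def audit(disks, key_dir=None, cwd="."):
    """Return {disk name: [problems]}; an empty list means the entry is usable."""
    key_dir = key_dir or default_key_dir()
    report = {}
    for name, entry in disks.items():
        problems = []
        try:
            uuid.UUID(str(entry.get("uuid", "")))
        except ValueError:
            problems.append("uuid is not a valid UUID")
        path = resolve_key(entry.get("key", ""), key_dir, cwd)
        if path is None:
            problems.append("key file not found")
        elif stat.S_IMODE(path.stat().st_mode) & 0o077:
            problems.append("key file is accessible to group/others")
        report[name] = problems
    return report

def demo():
    # Constructed sample: one key found through the fallback directory, one missing.
    with tempfile.TemporaryDirectory() as tmp:
        key_dir = Path(tmp) / "keys"
        key_dir.mkdir()
        (key_dir / "desktop.key").write_bytes(b"constructed")
        os.chmod(key_dir / "desktop.key", 0o644)
        disks = json.loads('{"desktop": {"uuid": "23e31327-1411-491c-ab00-c36f74c441f1",'
                           ' "key": "desktop.key"},'
                           ' "laptop": {"uuid": "not-a-uuid", "key": "laptop.key"}}')
        return audit(disks, key_dir, cwd=tmp)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To audit a real configuration, load ~/.config/mkinitramfs/disks.json with json.load and pass the result to audit().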

Using key devices

It is possible to use an SD card (if the computer has a built-in reader) or a plain old USB pendrive as a key device. Currently, support for such keys is limited to 4096 bytes, and the key is assumed to be unencrypted, which helps with booting the system non-interactively.

Yubikey

It is possible to use a key that is encrypted with the response from a challenge-response exchange, obtained using the ykchalresp command. The challenge can be any string, so the name of the device from the config is used.
