I want to be able to unlock my system's LUKS-encrypted root disk remotely.
Therefore, during setup I created a separate unencrypted ext4 partition, which I've configured to be used as /boot/.
Since the system uses UEFI, I've also created a separate fat32 partition for /boot/efi.
Initially the only way to unlock the system was to enter it locally on the graphical prompt shown locally.
So I continued with this (based on https://hamy.io/post/0009/how-to-instal ... unlocking/):
- apt-get install dropbear-initramfs
- adding the following line to the file /etc/initramfs-tools/initramfs.conf:
  DROPBEAR_OPTIONS="-I 180 -j -k -p 2222 -s"
- adding r8152 to /etc/initramfs-tools/modules (= module I need for my ethernet adapter, couldn't yet find a way to get this working with wifi)
- add my ssh client's public key to /etc/dropbear-initramfs/authorized_keys
- update-initramfs -ck all
- reboot
Because my USB-C Ethernet adapter also has an integrated card reader, the external hard disk I'm using switched between sda & sdb, so I renamed the cryptsetup name from sda_crypt to hdd_crypt to remove the discrepancy. While at it, I also renamed nvme0n1p3_crypt to ssd_crypt to make both LUKS mapping names independent of the system's disk names. But it seems the script update-initramfs uses (= /usr/share/initramfs-tools/hooks/cryptroot) to find out what partitions it needs to unlock uses those device file names, or at least I can't see where else it would take these names from. So I'll now rename ssd_crypt back to nvme0n1p3_crypt and I think that will fix my current problem.

UPDATE: yep, that was it
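
An added example, not part of the original post: a POSIX shell check of the setup listed above, to run before update-initramfs and reboot. It uses the file paths, option flags and module name from the post; the function names are made up here. In dropbear, -s disables password logins, -j and -k disable local and remote port forwarding, -I sets an idle timeout and -p the listening port.

```shell
#!/bin/sh
# Added example: audit the remote-unlock files described in the post.
# Usage on a real system: audit_unlock_setup / r8152

# Print the value of DROPBEAR_OPTIONS from config file $1 (last assignment wins).
dropbear_opts() {
    sed -n 's/^[[:space:]]*DROPBEAR_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the flags from the post's option line that are absent in file $1.
# Limitation: flags must be written separately ("-j -k"), not bundled ("-jk").
missing_flags() {
    opts=" $(dropbear_opts "$1") "
    missing=""
    for flag in -I -j -k -p -s; do
        case "$opts" in
            *" $flag "*) ;;
            *) missing="$missing $flag" ;;
        esac
    done
    echo "${missing# }"
}

# Check the three files under root directory $1; $2 is the NIC kernel module.
# Prints one line per problem and returns non-zero if any was found.
audit_unlock_setup() {
    root=${1%/} module=$2 rc=0
    conf="$root/etc/initramfs-tools/initramfs.conf"
    keys="$root/etc/dropbear-initramfs/authorized_keys"
    mods="$root/etc/initramfs-tools/modules"

    m=$(missing_flags "$conf" 2>/dev/null)
    [ -z "$m" ] || { echo "DROPBEAR_OPTIONS lacks: $m"; rc=1; }

    # With -s set, an empty authorized_keys means nobody can log in to unlock.
    grep -Eq '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$keys" 2>/dev/null ||
        { echo "no public key in $keys"; rc=1; }

    # Without the NIC module in the initramfs there is no network at the prompt.
    grep -qx "$module" "$mods" 2>/dev/null ||
        { echo "$module not listed in $mods"; rc=1; }

    return $rc
}
```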