Ubuntu - encrypted root, logistics

Question

I am attempting to boot Ubuntu on a LUKS encrypted device - In a prior life, I specified the UUID as a kernel cmdline option and then the initramfs opened up that device with the credentials I provided.

From all the documentation I am seeing, it appears to me that I must build the initramfs with the device I want to unlock beforehand.

So, let's say I have 3 USB devices that I want to boot to. Instead of keeping all of the contents identical and tweaking the kernel cmdline, I would keep everything the same, BUT change the initramfs for each one to reference the device properly? The problem with that for me is that how do I easily generate the initramfs when my root FS is a squashfs image?

References:

How do I automatically decrypt an encrypted filesystem on the next reboot?

https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/

score 0 · Accepted Answer · answered Feb 10 '20 at 13:39

I tried updating the initramfs again and this initramfs worked. I didn't change my kernel cmdline, so I am guessing that either the build process (I was using) didn't invoke update initramfs OR I didn't copy the latest file.

My kernel cmdline is still:

linux /vmlinuz-5.0.0-34-generic consoleblank=300 root=<DEVICE> rootfstype=squashfs rw cryptopts=source=/dev/disk/by-uuid/<UUID>,lvm,rootdev overlayroot=tmpfs:recurse=0

Ubuntu - encrypted root, logistics

1 Answers1