Linux installation with encrypted boot partition / fully encrypted boot drive

No specific Bitcoin Bounty has been announced by author. Still, anyone could send Bitcoin Tips to those who provide a good answer.

How to create a Linux installation (Red Hat Enterprise Linux / RHEL) that would start from fully encrypted boot partition?

Tags: , ,

1 Answer

Internet users could send Bitcoin Tips to you if they like your answer!

Some useful links:

searching for this grub boot encryption password entered remotly over ssl found the following useful links:

Remote unlocking of the root (or other) partition If you want to be able to reboot a fully LUKS-encrypted system remotely, or start it with a Wake-on-LAN service, you will need a way to enter a passphrase for the root partition/volume at startup. This can be achieved by running a mkinitcpio hook that configures a network interface. Some packages listed below contribute various mkinitcpio build hooks to ease with the configuration.

Note: Keep in mind to use kernel device names for the network interface (e.g. eth0) and not udev's ones (e.g. enp1s0), as those will not work. It could be necessary to add the module for your network card to the MODULES array. Remote unlocking (hooks: systemd, systemd-tool) AUR package mkinitcpio-systemd-toolAUR provides a systemd-centric mkinitcpio hook named systemd-tool with the following set of features for systemd in initramfs:

Core features provided by the hook:

unified systemd + mkinitcpio configuration automatic provisioning of binary and config resources on-demand invocation of mkinitcpio scripts and in-line functions Features provided by the included service units:

initrd debugging early network setup interactive user shell remote ssh access in initrd cryptsetup + custom password agent The mkinitcpio-systemd-toolAUR package requires the systemd hook. For more information be sure to read the project's README as well as the provided default systemd service unit files to get you started.

The recommended hooks are: base autodetect modconf block filesystems keyboard fsck systemd systemd-tool.

Remote unlocking (hooks: netconf, dropbear, tinyssh, ppp) Another package combination providing remote logins to the initcpio is mkinitcpio-netconf and/or mkinitcpio-pppAUR (for remote unlocking using a PPP connection over the internet) along with an SSH server. You have the option of using either mkinitcpio-dropbear or mkinitcpio-tinyssh. Those hooks do not install any shell, so you also need to install the mkinitcpio-utils package.


Too many commands? Learning new syntax? is a free tool to save your favorite scripts and commands, then quickly find and copy-paste your commands with just few clicks.

Boost your productivity with!

Post Answer