RHEL: FDE 비밀번호 없음 - 파티션의 키에서 부팅

RHEL 7.2에서 LVM을 사용하여 OS를 암호화하고 암호화되지 않은 파티션의 키를 사용하여 암호를 입력하지 않고 부팅하려고 합니다.

 LV    VG    Attr     LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
 home rhel -wi-ao---- 22.35g                                                 
 root rhel -wi-ao---- 27.94g                                                 
 swap rhel -wi-ao----  1.86g   

/media다음 명령을 사용하여 키를 생성한 암호화되지 않은 마운트 지점을 만들었습니다 .

dd bs=512 count=4 if=/dev/urandom of=/media/fdekey iflag=fullblock

다음과 같은 비밀번호로 키를 추가했습니다.

 cryptsetup luksAddKey /dev/mapper/rhel-root /media/fdekey
 cryptsetup luksAddKey /dev/mapper/rhel-home /media/fdekey
 cryptsetup luksAddKey /dev/mapper/rhel-swap /media/fdekey

그런 다음 편집하여 /etc/crypttab키를 추가합니다.

luks-b7ac522a-52fd-4540-917d-3454dafdf7dc UUID=b7ac522a-52fd-4540-917d-3454dafdf7dc /media/fdekey luks
luks-ad431e02-a49d-4ba3-bf9c-06e7a9f9a7f9 UUID=ad431e02-a49d-4ba3-bf9c-06e7a9f9a7f9 /media/fdekey luks
luks-a3819933-91d5-434b-bb6c-42d273bb34c2 UUID=a3819933-91d5-434b-bb6c-42d273bb34c2 /media/fdekey luks

수정됨/etc/dracut.conf

# dracut modules to omit
omit_dracutmodules+="systemd"

# dracut modules to add to the default
add_dracutmodules+="crypt lvm"

수정됨 /etc/default/grub:

rd.luks.key=/media/fdekey:LABEL=media

생성된 그럽:

grub2-mkconfig -o /boot/grub2/grub.cfg

생성된 initramfs:

dracut -fv

출력 df -h:

Filesystem      Size  Used Avail Use% Mounted on
/dev/dm-3        28G  876M   28G   4% /
devtmpfs        9.6G     0  9.6G   0% /dev
tmpfs           9.6G     0  9.6G   0% /dev/shm
tmpfs           9.6G  8.4M  9.6G   1% /run
tmpfs           9.6G     0  9.6G   0% /sys/fs/cgroup
/dev/sda2       4.5G   19M  4.2G   1% /media
/dev/sda1       950M  133M  818M  14% /boot
/dev/dm-5        23G   33M   23G   1% /home
tmpfs           2.0G     0  2.0G   0% /run/user/0

출력 fdisk -l:

Disk /dev/sda: 64.4 GB, 64424509440 bytes, 125829120 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000a0a6e

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1953791      975872   83  Linux
/dev/sda2         1953792    11718655     4882432   83  Linux
/dev/sda3        11718656   121114623    54697984   8e  Linux LVM

Disk /dev/mapper/rhel-root: 30.0 GB, 30001856512 bytes, 58597376 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/rhel-swap: 2000 MB, 2000683008 bytes, 3907584 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/luks-b7ac522a-52fd-4540-917d-3454dafdf7dc: 1998 MB, 1998585856 bytes, 3903488 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/luks-a3819933-91d5-434b-bb6c-42d273bb34c2: 30.0 GB, 29999759360 bytes, 58593280 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/rhel-home: 24.0 GB, 23999807488 bytes, 46874624 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/luks-ad431e02-a49d-4ba3-bf9c-06e7a9f9a7f9: 24.0 GB, 23997710336 bytes, 46870528 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

몇 가지 단계가 누락된 것 같습니다. 시작할 때 여전히 비밀번호를 묻는 메시지가 나타납니다.