3 # When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
4 # exists in the initramfs then it will be used to attempt unlocking.
5 # 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
6 # 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
7 # 3. mkinitcpio -p linux
8 # 4. systemctl enable disable-crypto_keyfiles@$(systemd-escape /dev/disk/by-id/xxx).service
9 # 5. Run this script when you want to reboot without a passphrase
12 crypto_keyfile
="/crypto_keyfile.bin"
13 reboot_cmd
="${1:-sudo reboot}"
15 if [ ! -f "$crypto_keyfile" ]; then
16 echo "Failed to find $crypto_keyfile"
20 readarray
-t devnames
< <(
22 /etc
/systemd
/system
/basic.target.wants
/ \
24 -name 'disable-crypto_keyfile@*' \
26 |
xargs -0 -n1 systemd-escape
-u --instance
29 if [ ${#devnames[@]} = 0 ]; then
30 echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
34 echo -n "Enter password for devices: "
37 for devname
in "${devnames[@]}"; do
38 echo "Adding key to $devname"
39 sudo cryptsetup luksAddKey
"$devname" "$crypto_keyfile" --new-key-slot 7 <<EOF