3 # When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
4 # exists in the initramfs then it will be used to attempt unlocking.
5 # 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
6 # 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
7 # 3. mkinitcpio -p linux
8 # 4. Enable the disable-crypto_keyfiles@<root-disk-uuid>.service
9 # 5. Run this script when you want to reboot without a passphrase
12 crypto_keyfile
="/crypto_keyfile.bin"
13 reboot_cmd
="${1:-sudo reboot}"
15 if [ ! -f "$crypto_keyfile" ]; then
16 echo "Failed to find $crypto_keyfile"
21 for disk_uuid
in $
(ls /etc
/systemd
/system
/basic.target.wants
/disable-crypto_keyfile@
*.service | cut
-d'@' -f2 | cut
-d.
-f1); do
23 found_devices
="${found_devices} /dev/disk/by-uuid/${disk_uuid}"
26 if [ -z "$found_devices" ]; then
27 echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
31 echo -n "Enter password for devices: "
34 for device_filename
in $found_devices; do
35 echo "Adding key to $device_filename"
36 sudo cryptsetup luksAddKey
"$device_filename" "$crypto_keyfile" --key-slot 7 <<EOF