Open ghost opened 3 years ago
No progress at this point yet unfortunately. I need to implement the logic that discovers and temporarily mounts devices (that might contain LUKS headers/passwords/keys/...). I plan to look at it before the 0.8 release.
Any information/documentation/examples will be helpful for sure. Please share your ideas about this topic!
Umm, I can't figure out if this feature was added or not. It doesn't look like it was, considering the man page hasn't documented it. Can you confirm if I can use booster to unlock LUKS partitions with detached headers?
The issue is not complete. It looks like the original author account got removed and it automatically closed his tickets.
Thank you for the request. My understanding is that it is a way to handle LUKS partitions with detached headers. Before moving forward with it I have a couple of questions to understand the nature of this setup:
* What is the reason for using detached headers for the root partition?
* Where is the detached header supposed to be stored? Is it going to be another partition (and thus 2 partitions are needed to unlock a volume)? Or is the header supposed to be packed into the initramfs itself? Or...
@anatol For example, in my scenario the header and key are stored on an external device (flash drive with grub2+keyfiles+header). It isn't encrypted. The main SSD device contains luks2+lvm+kernels+root. My current options for genkernel:
```
ro dolvm root_trim=yes scandelay
root=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
crypt_root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
root_key=/keyfiles/gentoo.key
root_keydev=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
root_header=/keyfiles/gentoo.hdr
root_headerdev=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
```
I would like to test this scenario on the "booster" when all options are implemented.
Couldn't figure out why this wasn't working until I looked at the source. Please see here:
https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
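
The unlock sequence implied by the genkernel options quoted earlier in this thread, written as a dry-run planner (an added example, not code from booster or genkernel). The mount points `/mnt/hdr` and `/mnt/key`, the mapping name `root`, and the `AAAA`/`BBBB` PARTUUID placeholders are assumptions.

```sh
#!/bin/sh
# Dry run only: prints the unlock steps, mounts and opens nothing.
# Constructed sample; AAAA/BBBB stand in for the PARTUUIDs elided on the page.
SAMPLE_CMDLINE='ro dolvm crypt_root=PARTUUID=AAAA root_key=/keyfiles/gentoo.key root_keydev=PARTUUID=BBBB root_header=/keyfiles/gentoo.hdr root_headerdev=PARTUUID=BBBB'
MNT_OPTS=ro,nosuid,nodev,noexec   # never write to or execute from the key stick

# Map a PARTUUID=/UUID= reference to its udev symlink.
to_dev() {
    case "$1" in
        PARTUUID=*) echo "/dev/disk/by-partuuid/${1#PARTUUID=}" ;;
        UUID=*)     echo "/dev/disk/by-uuid/${1#UUID=}" ;;
        /dev/*)     echo "$1" ;;
        *)          echo "unsupported device reference: $1" >&2; return 1 ;;
    esac
}

plan_unlock() {
    crypt_root= root_key= root_keydev= root_header= root_headerdev=
    key_mnt=/mnt/hdr   # hypothetical mount points: /mnt/hdr and /mnt/key
    for arg in $1; do
        case "$arg" in
            crypt_root=*)     crypt_root=${arg#crypt_root=} ;;
            root_key=*)       root_key=${arg#root_key=} ;;
            root_keydev=*)    root_keydev=${arg#root_keydev=} ;;
            root_header=*)    root_header=${arg#root_header=} ;;
            root_headerdev=*) root_headerdev=${arg#root_headerdev=} ;;
        esac
    done
    # A detached header needs both the file path and the device holding it.
    [ -n "$crypt_root" ] && [ -n "$root_header" ] && [ -n "$root_headerdev" ] || {
        echo "need crypt_root, root_header and root_headerdev" >&2; return 1; }
    root_dev=$(to_dev "$crypt_root") && hdr_dev=$(to_dev "$root_headerdev") || return 1
    echo "mount -o $MNT_OPTS $hdr_dev /mnt/hdr"
    opts="--header /mnt/hdr$root_header"
    if [ -n "$root_key" ]; then
        key_dev=$(to_dev "$root_keydev") || return 1
        if [ "$key_dev" != "$hdr_dev" ]; then   # key on a second device
            key_mnt=/mnt/key
            echo "mount -o $MNT_OPTS $key_dev $key_mnt"
        fi
        opts="$opts --key-file $key_mnt$root_key"
    fi
    echo "cryptsetup open $opts $root_dev root"   # mapping name "root" is assumed
    # Unmount so the key and header are not reachable from the booted system.
    echo "umount /mnt/hdr"
    [ "$key_mnt" = /mnt/hdr ] || echo "umount $key_mnt"
}

plan_unlock "$SAMPLE_CMDLINE"
```
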