random-archer / mkinitcpio-systemd-tool

Provisioning tool for systemd in initramfs (systemd-tool)
https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

Get a remote key to open a luks device #95

Open mickybart opened 2 years ago

mickybart commented 2 years ago

When you have multiple computers with an encrypted root, it can be a pain to provide the password each time (or if you have only one with dual boot).

The main target is to have only one computer/NAS/whatever where keyfiles for others are safely stored.

During boot, a computer will get its own keyfile by using ssh (dropbear client). Once done, cryptsetup will try to use the keyfile (crypttab). If we are not able to get the keyfile, or if the keyfile doesn't allow the device to be opened, cryptsetup will follow the regular flow and ask for a password. (Of course, it is possible to use dropbear or tinyssh provided by systemd-tool.)
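The fetch-then-fall-back flow described in the comment above, as an added example that is not part of the original issue or of mkinitcpio-systemd-tool: a POSIX shell helper that installs a fetched keyfile only when the transfer fully succeeded, so a failed or empty fetch leaves no keyfile and the regular password prompt applies. The function name, paths, host and the `dbclient` invocation in the comment are assumptions.

```shell
#!/bin/sh
# Added example: names and paths here are hypothetical, not taken from
# mkinitcpio-systemd-tool.

# fetch_luks_key DEST CMD [ARGS...]
# Runs CMD (the remote fetch, e.g. an ssh client invocation whose stdout is
# the key) and installs that output as the keyfile DEST only if the fetch
# fully succeeded.
# Returns 0 when DEST is in place, 1 otherwise. On failure DEST is absent,
# so the unlock step finds no keyfile and the password prompt is used.
fetch_luks_key() {
    dest=$1
    shift
    tmp="${dest}.partial"

    # Never leave a stale key from an earlier attempt behind.
    rm -f "$dest" "$tmp"

    # The subshell keeps the restrictive umask local; the file is created 0600.
    if ! ( umask 077; "$@" > "$tmp" 2>/dev/null ); then
        rm -f "$tmp"    # failed or interrupted transfer: discard partial data
        return 1
    fi

    # An empty reply is not a key.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi

    # A rename within one directory is atomic: DEST is complete or absent.
    mv -f "$tmp" "$dest"
}

# Hypothetical call from an initramfs unit. DEST should live on tmpfs (/run)
# so the key never touches persistent storage, and the server is assumed to
# return only this host's key on stdout:
#   fetch_luks_key /run/luks-root.key \
#       dbclient -i /etc/dropbear/client_key keys@keyserver.example
```
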

mickybart commented 2 years ago

Proposed: #96