dracut
wireguard-initramfs
Our great sponsors
dracut | wireguard-initramfs | |
---|---|---|
18 | 10 | |
523 | 275 | |
2.9% | - | |
7.5 | 4.7 | |
6 days ago | 4 months ago | |
Shell | Shell | |
GNU General Public License v3.0 only | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dracut
- Locked root partition
-
ZFSBootMenu boots root dataset just fine but doesn't ask for password even though it's encrypted???
Upstream has been telling people not to use a central configuration file for 8 years so nobody should really be putting anything in there to begin with. One can make a reasonable argument that ZFSBootMenu ought to override the configuration file just like it overrides the configuration drop-in directory, but another can make a reasonable argument that people who really know what they want may wish to load common configuration options for both their system and ZBM images in /etc/dracut.conf.
-
Can't turn off the machine after install with full disk encryption
I absolutely have no idea... Seems like somehow something is not supported. You should create an issue in the dracut repo: https://github.com/dracutdevs/dracut/issues. That's something you should probably everywhere like I did in my issue: https://www.reddit.com/r/voidlinux/comments/11ofqt2/booting_with_dinit. The void community can sometimes be really unhelpful so I hope you will get help there.
-
What happened to the bugzilla 1529311? it's about AMD microcode
bug 1529311 is closed as duplicate of bug 1476039 which was fixed by https://access.redhat.com/errata/RHBA-2018:0964 included in dracut-033-535.el7. These patches were mentioned in 1476039: https://github.com/dracutdevs/dracut/commit/19453dc8744e6a59725c43b61b2e3db01cb4c57c and https://github.com/dracutdevs/dracut/pull/261. Also it was mentioned that it was fixed in
-
/boot/initramfs.. and the early boot process
It's a shell script that sets up some basics and runs an event loop to run hooks that eventually lead to the availability of your root device.
-
Can bluetooth keyboards work to enter luks password?
dracut can build initrd with bluetooth support
-
Has anyone setup a private tracker?
The documentation is super minimal, but the livenet module supports torrent files using the live:torrent: URL syntax.
-
Are cheap wireless keyboards from Lazada and Shopee compatible for Linux? (POV: I live in the Philippines and I have to do online shopping cuz of the pandemic)
Nope, all these environments are missing initial device configuration required for keyboard to be able to connect. (There was an attempt to add bluetooth support into dracut, that didn't go well)
- Failed to Start setup virtual console
-
Dracut kernel_cmdline not working with LVM on LUKS.
I get exactly this error. So it turns out, the decryption depends on a systemd unitsystemd-cryptsetup-generator, which will not read any embedded cmdline parameters, only ones passed in the commandline so when the commandline parameter is asking to decrypt things, it is not generated.
wireguard-initramfs
- How to avoid typing password of LUKS encrypted server every boot?
-
Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future
Some other interesting things are providing keys over the network, or leveraging Wireguard and SSH to remotely unlock.
-
Encrypt Raspberry Pi?
For vulnerabilities: even if dropbear was vulnerable in some way, itโs running in a pre-boot initramfs with a restricted shell which can be locked down even further to prevent escalation. To add another layer of security, you can run Wireguard in initramfs and have dropbear configured to be accessible from only the vpn network: https://github.com/r-pufky/wireguard-initramfs
-
I self host on my desktop, but it likes to crash. Any advice on remotely resetting a frozen system?
Once you manage to reset the system, wireguard-initramfs should work if you need to SSH into it from outside the LAN, though the project is only currently supported on Debian. Within the LAN, dropbear in your initramfs should be enough.
-
How can I encrypt the whole disk on cloud hosts to prevent them from seeing my data in backups/snapshots?
There are other initramfs packages available that expand features such as wireguard capability: https://github.com/r-pufky/wireguard-initramfs
- Connect to remote encrypted SSH Client
- r-pufky/wireguard-initramfs - Enables wireguard networking during kernel boot, before encrypted partitions are mounted. Combined with dropbear this can enable FULLY ENCRYPTED remote booting without storing key material or exposing ports on the remote network.
-
wireguard-initramfs for debian bullseye (e.g. dropbear over wireguard) [working]
FYI, this is now the case. 2021-07-04
Just posted the first rev of wireguard-initramfs for debian bullseye.
What are some alternatives?
mkinitcpio - Arch Linux initramfs generation tools (read-only mirror)
dracut-sshd - Provide SSH access to initramfs early user space on Fedora and other systems that use Dracut
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
ramroot - Load root file system to ram during boot.
zfsbootmenu - ZFS Bootloader for root-on-ZFS systems with support for snapshots and native full disk encryption
systemd - The systemd System and Service Manager
initramfs-tools-tailscale - Tailscale enabled initramfs
squashfs-tools-ng - A new set of tools and libraries for working with SquashFS images
pi-encrypted-boot-ssh - ๐ Raspberry Pi Encrypted Boot with Remote SSH
wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora