Tip: If the device path you want to access contains the character :, you have to escape it with a backslash \. For example, cryptkey=UUID= ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ:0:512 reads a 512 byte keyfile starting at the beginning of the device. path is the absolute path of the keyfile within the device.Įxample: cryptkey=LABEL=usbstick:vfat:/secretkeyįor a bitstream on a device the key's location is specified with the following:.fstype is the filesystem type of device (or auto).
![veracrypt stuck on booting veracrypt stuck on booting](https://i.imgur.com/IwwlGO4.jpg)
Usage of persistent block device naming is strongly recommended. device is the raw block device where the key exists.It can have three parameter sets, depending on whether the keyfile exists as a file in a particular device, a bitstream starting on a specific location, or a file in the initramfs. This parameter specifies the location of a keyfile and is required by the encrypt hook for reading such a keyfile to unlock the cryptdevice (unless a key is in the default location, see below). Tip: One may want to enable Discard/TRIM support for solid state drives (SSD). The parameter follows the form of cryptdevice= /dev/vgname/lvname: dmname. It is then followed by the respective volume group to be mapped to root. If a LVM contains the encrypted root, the LVM gets activated first and the volume group containing the logical volume of the encrypted root serves as device.If no options are required, omit this parameter (use cryptdevice= device: dmname). options (optional) are comma separated options, e.g.dmname is the device- mapper name given to the device after decryption, which will be available as /dev/mapper/ dmname.device is the path to the device backing the encrypted device.It is parsed by the encrypt hook to identify which device contains the encrypted system: This parameter will make the system prompt for the passphrase to unlock the device containing the encrypted root on a cold boot. Setting additional options that are supported by crypttab, e.g.Using a detached LUKS header ( FS#42851).Only one device can be unlocked in the initramfs. Unlocking multiple encrypted disks ( FS#23182).Note: Compared to the sd-encrypt hook, the encrypt hook does not support: If the root file system is contained in a logical volume of a fully encrypted LVM, the device mapper for it will be in the general form of root=/dev/ volumegroup/ logicalvolume.If a LVM gets activated first and contains an encrypted logical rootvolume, the above form applies as well.If the file system is formatted directly on the decrypted device file this will be /dev/mapper/ dmname.The root= parameter specifies the device of the actual (decrypted) root file system: See also GRUB#Warning when installing in chroot as another point to be aware of when installing the GRUB loader. root and resume are specified the same way for both.įor example, if using GRUB, the relevant parameters are added to /etc/default/grub before generating the main configuration file. The kernel parameters you need to specify depend on whether the encrypt hook or the sd-encrypt hook is being used. HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck) HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)Ī configuration with systemd-based initramfs using sd-encrypt hook:
![veracrypt stuck on booting veracrypt stuck on booting](https://www.frostclick.com/wp/wp-content/uploads/2016/02/vera_crypt.png)
ExamplesĪ typical /etc/nf configuration using encrypt hook: Note: Remember to regenerate the initramfs after making any changes to /etc/nf. Needed to make keyboards work in early userspace. This hook must be placed after the udev or systemd hook. It is not needed in all the other cases, as system initialization scripts like /etc/crypttab take care of unlocking other encrypted partitions.
![veracrypt stuck on booting veracrypt stuck on booting](https://sourceforge.net/p/veracrypt/tickets/_discuss/thread/b35b505deb/c409/30f2/attachment/1.png)
#Veracrypt stuck on booting how to#
The following sections describe how to configure mkinitcpio and list which kernel parameters are required.ĭepending on the particular scenarios, a subset of the following mkinitcpio hooks will have to be enabled:Īlways needed when encrypting the root partition, or a partition that needs to be mounted before root. The instructions on what to unlock are topically passed via kernel parameters.