Add recommended initramfs regeneration

I recently tried adding a FIDO2-Device as an unlocking method to the LUKS2 partition containing my Fedora install.
When trying to do this, I stumbled upon the here edited man files detailing how to do this.
I however could not unlock my partition with my FIDO2-Device after editing /etc/crypttab and rebooting.
As I found out after a while, I needed to regenerate / update my currently running / used initramfs (https://unix.stackexchange.com/a/705809).
This would have most likely solved itself for me with the next kernel update install (as far as I understand).
So I propose changing the files edited here to recommend or at least inform the user about this.

diff --git a/man/fido2-crypttab.sh b/man/fido2-crypttab.sh
index b584a13bdfbdfd5c7f479abbfeeb9a361c1f9112..fe7351520a6300d8589f5a1a5fcc51aad6cd99e7 100644 (file)
--- a/man/fido2-crypttab.sh
+++ b/man/fido2-crypttab.sh
@@ -10,3 +10,12 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future.
 sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need
+# to manually regenerate your initramfs to be able to use
+# a FIDO2-Device to unlock the partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809
+# On Fedora based systems:
+sudo dracut --force
+# On Debian based systems:
+sudo update-initramfs -u

diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh
index c2c7405b266820747c38e9d24275667348fd45c2..f5f6e3a43db08f880319529df4f01a1afc1d9e56 100644 (file)
--- a/man/tpm2-crypttab.sh
+++ b/man/tpm2-crypttab.sh
@@ -10,3 +10,12 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=a
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future.
 sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need
+# to manually regenerate your initramfs to be able to use
+# a TPM2 security chip to unlock the partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809
+# On Fedora based systems:
+sudo dracut --force
+# On Debian based systems:
+sudo update-initramfs -u

diff --git a/man/yubikey-crypttab.sh b/man/yubikey-crypttab.sh
index d74dfa5cc294f3d38a799b6296bdd2b0af528bfe..f50a3496313b37446c6279de41997bdd75aa02d9 100644 (file)
--- a/man/yubikey-crypttab.sh
+++ b/man/yubikey-crypttab.sh
@@ -26,3 +26,12 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=au
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future.
 sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab'
+
+# Depending on your distribution and encryption setup, you may need
+# to manually regenerate your initramfs to be able to use a
+# Yubikey / PKCS#11 Token to unlock the partition during early boot.
+# More information at https://unix.stackexchange.com/a/705809
+# On Fedora based systems:
+sudo dracut --force
+# On Debian based systems:
+sudo update-initramfs -u