Ubuntu 24.04: decrypt the root partition with a keyscript

Here is how to decrypt the root partition at boot time automatically on Ubuntu (and Debian-derivatives).

Warning: this is not a good security practice. Anyone who can physically access your computer can find the decryption key and therefore access your data.

In the example below, the encrypted partition is /dev/vda3, replace it with your own.

Find the key size in bits:

cryptsetup luksDump /dev/vda3 | grep 'Key:'
        Key:        512 bits

Create a random key of 512 bits or 64 bytes using dd:

dd if=/dev/urandom bs=1 count=64 of=/etc/cryptroot.key
chmod 600 /etc/cryptroot.key

Allow the key to decrypt the partition:

cryptsetup luksAddKey /dev/vda3 /etc/cryptroot.key

Write a keyscript file to output the key at boot time:

echo "cat /etc/cryptroot.key" > /lib/cryptsetup/scripts/keyscript
chmod 700 /lib/cryptsetup/scripts/keyscript

Write a hook for initramfs-tools to copy the key file to the initramfs:

cp /etc/cryptroot.key $DESTDIR/etc/cryptroot.key

Edit /etc/crypttab to specify the keyfile and the keyscript. In the 3rd column, add the path to the key file. In the 4th column, add keyscript=keyscript. Note that keyscript here is a file relative to /lib/cryptsetup/scripts.

dm_crypt-0 UUID=xxxx /etc/cryptroot.key luks,discard,keyscript=keyscript

Update your initramfs:

update-initramfs -k all -u

Reboot. The computer should not ask you a password to decrypt the disk.

Source with error handling scripts: https://devork.be/blog/2016/12/encrypted-root-on-debian-with/