Install Dropbear on Ubuntu to decrypt LVM during boot
sudo apt install dropbear
Enable Dropbear on boot:
sudo nano /etc/initramfs-tools/initramfs.conf
Set BUSYBOX=y
and add DROPBEAR=y
Generate host key. Change to root
account for ease of handling.
cd /etc/dropbear-initramfs/
sudo su
/usr/lib/dropbear/dropbearconvert dropbear openssh dropbear_rsa_host_key id_rsa
dropbearkey -y -f dropbear_rsa_host_key | grep "^ssh-rsa " > id_rsa.pub
exit
Assume you have already set up OpenSSH server and sign-in with key. Copy authorized_keys
to be used by Dropbear.
sudo cp ~/.ssh/authorized_keys /etc/dropbear-initramfs/
Make Dropbear start with system.
sudo nano /etc/default/dropbear
Set NO_START=0
Set Dropbear options.
sudo nano /etc/dropbear-initramfs/config
It is recommended to use another port rather the 22 using by OpenSSH-Server, since it will prompt you signature change every time.
DROPBEAR_OPTIONS="-p 220"
Update.
sudo update-initramfs -u
Disable Dropbear after boot.
sudo systemctl disable dropbear
It is said that if splash screen is used the UI will be blocked. So disable it.
sudo nano /etc/default/grub
Change to GRUB_CMDLINE_LINUX_DEFAULT="quiet"
Update.
sudo update-grub
Finished.