I’ve been playing around with bcachefs and thought I’d try out its native encryption. Works great and all, but it’s missing the robust tools luks has. No crypttab or other obvious ways of handling automatic decryption.
Does anybody have some nice systemd service configs or scripts to handle this?
My use case is a mostly permanently attached external ssd, so I’d be also be fine with a more permanent solution.
I would also want to know whether encrypted root is already supported. Anyone tried it out?
I read about there’s GitHub - latchset/clevis: Automated Encryption Framework,
but how do I integrate this with bcachefs
bcachefs encrypted file systems, including the root fs, should pretty much work out of the box already.
The clevis stuff is an additional layer that isn’t necessary if you just want to enter a decryption passphrase during bootup. But there’s a section in the manual about it