Read-only LUKS encrypted root filesystem, possible?


I just tried to make the LUKS encrypted root filesystem read-only, as outlined here (root fs overlay). But after reboot, the zymkey is no longer bound (console says: ERROR: no zymkeys installed.)

Is the zymkey somehow bound to (some ID of) the filesystem? Has anyone else tried this?

Thanks in advance.


I solved it by running update_encr_initrd (with no arguments) instead of update-initramfs after setting up the overlay scripts.