(In reply to Andreas Stieger from comment #1) > [...] But please be aware that the security drawback is that in the > running system, the keyfile would be readable in plain from /boot. Is that any worse than being able to use the --showkeys option of dmsetup?