I use full disk encryption using LVM on LUKS on all of my desktops and laptops. I trust my memory more than I do any USB device and so I rely on typing in a passphrase during the boot process. Doing so is tedious, because in general my prefered keyboard layout (Colemak) is not available before the root partition has been mounted. The correct solution is to include the Colemak keyboard layout as part of the initramfs.
Instead I propose the following hack: Add a passphrase to the LUKS container such that it is correct when one types the normal passphrase on the unfamiliar keyboard layout, in my case those layouts are Colemak and QWERTY. First let's define some terms:
- Layout1-Layout2 Conjugate: The Layout1-Layout2 Conjugate of the string s is the string that would result from typing s as if one is using a Layout1 keyboard, but while actually typing on a Layout2 keyboard. The Colemak-QWERTY Conjugate of the string 'correct' is 'c;sskcf'. Similarly, the QWERTY-Colemak Conjugate of the string 'correct' is 'cyppfcg'. Importantly the inverse operation of the Layout1-Layout2 Conjugate is the Layout2-Layout1 Conjugate. For example, the QWERTY-Colemak Conjugate of 'c;sskcf' is 'correct'.
In my case, I have to type my passphrase on a QWERTY keyboard during the early boot process, but I want to type it as if I am typing on a Colemak keyboard. This will result in the Colemak-QWERTY Conjugate as defined above. If my passphrase is 'correct horse battery staple', I will produce the string 'c;sskcf h;sdk baffkso dfaruk' in this manner. In order for this to correctly unlock my LUKS container, I should set this as an additional passphrase.