Follow below steps to enable unlocking LUKS full disk encrypted system using key file stored on USB stick
Format USB key with FAT32 filesystem.
Generate random keyfile:
dd if=/dev/urandom of=/path/to/usbdisk/keyfile bs=4096 count=1
Add key to luks volume:
cryptsetup luksAddKey /dev/sda6 /path/to/usbdisk/keyfile
Check USB partition disk UUID:
lsblk /dev/sdb1 -o NAME,UUID
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX - UUID of LUKS partition
YYYY-YYY - UUID of partiion on USB drive
Add keyfile information into /etc/crypttab
luks-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX keyfile:UUID=YYYY-YYYY discard,keyfile-timeout=5s
Add into /etc/default/grub
GRUB_CMDLINE_LINUX="resume=/dev/mapper/systemvg-swap rd.luks.uuid=luks-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX rd.luks.key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=keyfile:UUID=YYYY-YYYY rd.luks.options=timeout=5s rd.lvm.lv=systemvg/root rd.lvm.lv=systemvg/swap systemd.unified_cgroup_hierarchy=0 mem_sleep_default=deep rd.plymouth=0 plymouth.enable=0 fbcon=nodefer"
update initramfs:
dracut -f
generate GRUB2 config:
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg