Ask Your Question
2

How to auto mount Luks encrypted partition at boot in Fedora 22

asked 2015-07-08 17:40:17 -0600

shatadru gravatar image

updated 2015-07-08 17:44:04 -0600

Partition format :

|    Hard drive (/dev/sda)       |
| /boot      |  Encrypted Volume |
|/dev/sda1   | /dev/sda2         |
|            |  LVM (root,home)  |

Here is my fstab :

/dev/mapper/fedora21-root /                       ext4    defaults,x-systemd.device-timeout=0 1 1
UUID=<uuid> /boot                   ext4    defaults        1 2

Here is my /ect/crypttab :

luks UUID=<luks uuid> /boot/key_luks luks

I have added the key (/boot/key_luks) in one of the key slot of Luks

However while boot it is asking for password, is there a guide to properly automount a Lulks partition ? When only encrypted volume is /boot ?

JFYI : Added the key using following command :

  #dd if=/dev/urandom of=/boot/key_luks bs=1024 count=4
  #cryptsetup luksAddKey /dev/sda2 /boot/key_luks

Edit: Also rebuilt the initramfs and checked the changes were reflected in the initramfs. However It is still asking for password!

edit retag flag offensive close merge delete

Comments

What's the point? If your encrypted partitions automatically mount, then the encryption isn't providing any security.

randomuser gravatar imagerandomuser ( 2015-07-08 23:32:02 -0600 )edit

To auto mount LUKS encrypted partition I suppose you need to add the entry(mount device and mount point) in /etc/crypttab file.

krishnayeddula gravatar imagekrishnayeddula ( 2015-07-09 03:41:20 -0600 )edit

Thanks for the reply. @randomuser : True. The next plan is putting it(the kery file) in a USB and if the USB is mounted then only it will work. However atleast it should work as per "man 5 crypttab"

 The third field specifies the encryption password. If the field is not present or the password is set to "none" or "-", the password has to be manually entered during system boot. Otherwise, the field is interpreted as a absolute path to a file containing the encryption password.

@krishnayeddula : I have already edited /etc/crypttab and made sure changes were populated in initramfs

shatadru gravatar imageshatadru ( 2015-07-09 07:38:52 -0600 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-07-10 04:54:50 -0600

shadowhh32 gravatar image

Be careful doing that or changing /etc/fstab. Everytime I try with fc21 to do that for encrypted swap I wind up with an unbootable dracut UUID error.The bug has already been filed.No, we dont use encrypted swap by default and we should. Ive noticed this also with encrypted swap using a urandom key generated at boot. You still get asked for the mount password, even though you have no clue what it is. This is a BUG, you shouldnt get asked for the password when its already set. The whole point is to use a randomly generated key in the first place.The less you know and the stronger your mount password is , the safer you data are.I personally think we should all move to HW tokens. Passwords are so 1960.

edit flag offensive delete link more
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-07-08 17:40:17 -0600

Seen: 3,421 times

Last updated: Jul 10 '15

Related questions

Fedora 22, disk-encryption passphrase, POST failure, dracut

[RESOLVED] LUKS partition entry removed by mistake, not formatted

Proper way to unlock drive using keyfile on /boot?

LUKS encrypted partition requires two passwords

locating fsck.crypto_LUKS and unlocking a encrypted volume

How to disable cryptography in a partition? (Fedora 19)

Disk decryption no longer uses UI

No password screen luks

Howto rescue Fedora 22 LXDE x86_64 system with LUKS with corrupt boot sector?

Add new internal drive to existing encrypted disk setup

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2