Mount USB sooner / earlier in boot process

int0x80 · 09-29-2006, 08:02 AM

Here is the short of it:

I need my USB drive to mount sooner or earlier in the boot process, before the LVM and cryptdisks run.

Here is the long of it:

My laptop is undergoing an install to use dm-crypt and LVM2. The key for the filesystem encryption comes from a symmetric key file made with GPG, which is stored on the USB drive. Currently, the boot process tries to get the LVM and cryptdisk stuff running before the USB drive is mounted. Since the USB drive is unmounted, the filesystem crypto can't run, and nothing works.

This is how the cryptsetup command comes about:

Code:

# dd if=/dev/random bs=4k count=1 | gpg -a --cipher-algo AES256 -c - > /mnt/usb/keys/fs.gpg
# gpg -q -o - /mnt/usb/keys/fs.gpg | cryptsetup -v -c aes -h sha512 create cryptdisk /dev/hda5

My /etc/crypttab:

Code:

cryptdisk /dev/hda5 /mnt/usb/keys/fs.gpg cipher=aes,hash=sha512,keyscript=/usr/local/src/dmcrypto

The keyscript /usr/local/src/dmcrypto:

Code:

#!/bin/sh
/usr/bin/gpg -q -o - $1

In /etc/default/cryptdisks:

Code:

CRYPTDISKS_MOUNT="/mnt/usb"

And /etc/fstab:

Code:

/dev/sda1 /mnt/usb ext2 defaults 0 1

michaelk · 10-17-2006, 04:43 AM

Typically the USB modules are loaded after the boot process mounts the filesystems via the /etc/fstab file. You can add the modules to the inital ramdisk (initrd) or compile them into the kernel.