Here is the short of it:
I need my USB drive to mount sooner or earlier in the boot process, before the LVM and cryptdisks run.
Here is the long of it:
My laptop is undergoing an install to use dm-crypt and LVM2. The key for the filesystem encryption comes from a symmetric key file made with GPG, which is stored on the USB drive. Currently, the boot process tries to get the LVM and cryptdisk stuff running before the USB drive is mounted. Since the USB drive is unmounted, the filesystem crypto can't run, and nothing works.
This is how the cryptsetup command comes about:
Code:
# dd if=/dev/random bs=4k count=1 | gpg -a --cipher-algo AES256 -c - > /mnt/usb/keys/fs.gpg
# gpg -q -o - /mnt/usb/keys/fs.gpg | cryptsetup -v -c aes -h sha512 create cryptdisk /dev/hda5
My /etc/crypttab:
Code:
cryptdisk /dev/hda5 /mnt/usb/keys/fs.gpg cipher=aes,hash=sha512,keyscript=/usr/local/src/dmcrypto
The keyscript /usr/local/src/dmcrypto:
Code:
#!/bin/sh
# Decrypt the key file named in crypttab (passed as $1) to stdout
/usr/bin/gpg -q -o - "$1"
In /etc/default/cryptdisks:
Code:
CRYPTDISKS_MOUNT="/mnt/usb"
And /etc/fstab:
Code:
/dev/sda1 /mnt/usb ext2 defaults 0 1
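
One way to remove the ordering dependency is to have the keyscript itself wait for the USB device and mount it before decrypting. This is an added example, not part of the original post. It assumes the device and mount point from the fstab above (/dev/sda1, /mnt/usb); the KEYDEV, KEYMNT and KEYWAIT variables and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the poster's script. Device and mount point are taken
# from the fstab in the post; KEYDEV/KEYMNT/KEYWAIT are hypothetical overrides.
KEYDEV="${KEYDEV:-/dev/sda1}"
KEYMNT="${KEYMNT:-/mnt/usb}"
KEYWAIT="${KEYWAIT:-30}"

# wait_for OP PATH SECONDS: poll `test OP PATH` once a second until it
# succeeds (return 0) or SECONDS have elapsed (return 1).
wait_for() {
    i=0
    while ! test "$1" "$2"; do
        [ "$i" -ge "$3" ] && return 1
        sleep 1
        i=$((i + 1))
    done
    return 0
}

# is_mounted DIR: succeed if DIR is listed as a mount point in /proc/mounts.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' /proc/mounts
}

# fetch_key FILE: make sure the key drive is mounted, then decrypt FILE to
# stdout, which cryptsetup reads as the volume key.
fetch_key() {
    if [ ! -r "$1" ]; then
        if ! wait_for -b "$KEYDEV" "$KEYWAIT"; then
            echo "keyscript: $KEYDEV did not appear in ${KEYWAIT}s" >&2
            return 1
        fi
        # Read-only and without exec/suid/dev: the drive only carries a key.
        is_mounted "$KEYMNT" ||
            mount -o ro,nosuid,nodev,noexec "$KEYDEV" "$KEYMNT" || return 1
    fi
    if [ ! -r "$1" ]; then
        echo "keyscript: key file $1 not readable" >&2
        return 1
    fi
    /usr/bin/gpg -q -o - "$1"
}

# cryptsetup calls the keyscript with the crypttab key file as its only argument.
if [ "$#" -ge 1 ]; then
    fetch_key "$1"
fi
```

Used in place of /usr/local/src/dmcrypto, it leaves the crypttab line from the post unchanged.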