LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Fedora (http://www.linuxquestions.org/questions/fedora-35/)
-   -   Skip mounting encrypted volume at boot (http://www.linuxquestions.org/questions/fedora-35/skip-mounting-encrypted-volume-at-boot-907378/)

Yalla-One 10-10-2011 08:11 AM

Skip mounting encrypted volume at boot
 
Hi,

I have one partition on my server running Fedora 15 that is encrypted. Whenever the server boots, it asks for the password in the boot process and does not proceed until this password has been entered.

I would like the system not to mount the encrypted volume at boot, but rather let me mount it manually when needed.

Trying to achieve this, I edited /etc/fstab for the volume in question to replace "defaults" with "noauto", but that did not make any difference.

The fstab is currently as follows:
Code:

#
# /etc/fstab
# Created by anaconda on Tue Oct  4 09:56:30 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_majestix-lv_root /                      ext4    defaults        1 1
UUID=44fbda9a-0c4a-41df-add2-a24b46ea41c9 /boot                  ext4    defaults        1 2
/dev/mapper/luks-090c1edc-6056-4fa3-8ce1-ff3eb9623613 /export                ext4    noauto        1 2
/dev/mapper/vg_majestix-lv_home /home                  ext4    defaults        1 2
/dev/mapper/vg_majestix-lv_swap swap                    swap    defaults        0 0
tmpfs                  /dev/shm                tmpfs  defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                  /sys                    sysfs  defaults        0 0
proc                    /proc                  proc    defaults        0 0

This causes the volume in question (/export) not to be mounted, but LUKS still asks for the encrypted password at boot, which tells me I need to edit something else elsewhere...

If anyone could kindly point me towards what/where to change in order for /export not to be mounted at boot, I would greatly appreciate it!

stormtracknole 10-10-2011 09:02 AM

Have you tried commenting out that volume from /etc/fstab? Worth a try.

rknichols 10-10-2011 09:40 AM

If you have no LUKS partitions that you do want mounted during boot, add this to the options passed to the kernel during boot:
Code:

rd_NO_LUKS
or the newer syntax
Code:

rd.luks=0
Kernel version 2.6.38 should accept either syntax. The old "rd_NO_LUKS" syntax is scheduled to become obsolete in kernel 2.6.39.

Further reading at https://fedoraproject.org/wiki/Dracu...ns#crypto_LUKS and http://dracut.git.sourceforge.net/gi...2469e2838839fe

stormtracknole 10-10-2011 03:32 PM

Quote:

Originally Posted by rknichols (Post 4494554)
If you have no LUKS partitions that you do want mounted during boot, add this to the options passed to the kernel during boot:
Code:

rd_NO_LUKS
or the newer syntax
Code:

rd.luks=0
Kernel version 2.6.38 should accept either syntax. The old "rd_NO_LUKS" syntax is scheduled to become obsolete in kernel 2.6.39.

Further reading at https://fedoraproject.org/wiki/Dracu...ns#crypto_LUKS and http://dracut.git.sourceforge.net/gi...2469e2838839fe

Did you mean to write, if you DO have a LUKS partition and don't want it mounted? Either, thank you for the good info. I'll make a mental note about this.

rknichols 10-10-2011 05:35 PM

I meant it the way I wrote it. I was considering the possibility that there might be other LUKS partitions that you set up in /etc/crypttab because you did want them mounted at boot time. Using rd_NO_LUKS would be the wrong thing to do in that case, but the references I cited do show how to mount only specified encrypted volumes, and ignore others, at boot time.

stormtracknole 10-10-2011 10:31 PM

Quote:

Originally Posted by rknichols (Post 4495027)
I meant it the way I wrote it. I was considering the possibility that there might be other LUKS partitions that you set up in /etc/crypttab because you did want them mounted at boot time. Using rd_NO_LUKS would be the wrong thing to do in that case, but the references I cited do show how to mount only specified encrypted volumes, and ignore others, at boot time.

Gotcha, thanks for the explanation.

Yalla-One 10-11-2011 01:37 AM

OK, I found the complete solution.
I did not want to comment out the fstab entry completely in order to facility easy mounting later. Furthermore, I also did not want to make changes to the parameters passed to the kernel.
The solution turned out to be rather easy:
  1. Get rid of /etc/crypttab
  2. Add "noauto" to the encrypted volume in /etc/fstab
  3. To mount, type "cryptsetup luksOpen /dev/mapper/encrypted-device encrypted-luks
  4. To mount, type "mount /dev/mapper/encrypted-luks /mountpoint

By removing /etc/crypttab, the luks process is not run at boot-time, and adding "noauto" makes sure that the encrypted volume is not attempted to be mounted.

-y1


All times are GMT -5. The time now is 11:44 AM.