Using Virtual Box with CentOS7 VM.
Create several partitions with extended at sd3 and logical partitions at sd4, sd5, sd6
[user1@localhost ~]$ lsblk -f
( Columns LABEL , UUID , and MOUNTPOINT were deleted to reduce clutter. )
Quote:
NAME FSTYPE LABEL
sda
├─sda1 xfs
├─sda2 LVM2_membe
│ ├─centos-root
xfs
│ └─centos-swap
swap
├─sda3
├─sda4 ext2
├─sda5 ext3
└─sda6 crypto_LUK
|
BOXADDITIONS_5.0 … …. … /run/media/user1/VB
[/QUOTE]
----------------------------------------
luks_keyfile is a text file containing passphrase.
/hone/user1/mntsda6 is the mount point for LUKS device via device mapper /dev/mapper/sda6_mapper
cipher aes is supported as shown in /proc/crypto
Manually, I was able to create LUKS device for partition sd6, like so:
1) Create container for LUKS device
Quote:
sudo cryptsetup luksFormat /dev/sda6 --key-file luks_keyfile
|
2) Make luks device avaiable via device mapper
Quote:
sudo cryptsetup luksOpen /dev/sda6 sda6_mapper --key-file luks_keyfile
|
Truncated results for command: lsblk -f
Quote:
└─sda6 crypto_LUK
└─sda6_mapper
|
3)
Quote:
sudo mkfs.ext4 /dev/mapper/sda6_mapper
|
4)
Quote:
sudo mount /dev/mapper/sda6_mapper ~/mntsda6
|
5)To prevent access via mount point:
6) To close LUKS device sda6
Quote:
sudo cryptsetup close sda6_mapper
|
I was able to create and edit files in ~/mntsda6. So it appears to work!
==============================
Now I wanted to have sda6 available at boot time everytime.
I added these lines to /etc/fstab
Quote:
# mounting cryptsetup LUKS block device via device mapper to mount point ~/mntsda6
/dev/mapper/sda6_mapper /home/user1/mntsda6 ext4 defaults 0 0
|
-------------------
And I added these lines to /etc/crypttab
Quote:
# cryptsetup boot setup for luks device /sda6 device mapper name is sda6_mapper
sda6_mapper /dev/sda6
|
=================
But the additions to fstab and crypttab do not work!
In addition, when CentOS7 boots up, it asked for passphrase three times!
How do you prevent it from asking passphrases 3 times?
Once is enough!
Please advice.
Thank you.