LinuxQuestions.org
Old 04-19-2016, 03:04 AM   #1
fanoflq
Member
 
Registered: Nov 2015
Posts: 235

Rep: Reputation: Disabled
Learning cryptsetup-LUKS for block device encryption: boot problem


Using Virtual Box with CentOS7 VM.
Create several partitions with extended at sd3 and logical partitions at sd4, sd5, sd6

[user1@localhost ~]$ lsblk -f
( Columns LABEL , UUID , and MOUNTPOINT were deleted to reduce clutter. )

Quote:
NAME            FSTYPE LABEL
sda
├─sda1          xfs
├─sda2          LVM2_membe
│ ├─centos-root xfs
│ └─centos-swap swap
├─sda3
├─sda4          ext2
├─sda5          ext3
└─sda6          crypto_LUK
BOXADDITIONS_5.0 … …. … /run/media/user1/VB

----------------------------------------
luks_keyfile is a text file containing passphrase.

/home/user1/mntsda6 is the mount point for LUKS device via device mapper /dev/mapper/sda6_mapper

cipher aes is supported as shown in /proc/crypto

Manually, I was able to create LUKS device for partition sd6, like so:


1) Create container for LUKS device
Quote:
sudo cryptsetup luksFormat /dev/sda6 --key-file luks_keyfile

2) Make LUKS device available via device mapper
Quote:
sudo cryptsetup luksOpen /dev/sda6 sda6_mapper --key-file luks_keyfile

Truncated results for command: lsblk -f

Quote:
└─sda6 crypto_LUK
  └─sda6_mapper

3)
Quote:
sudo mkfs.ext4 /dev/mapper/sda6_mapper

4)
Quote:
sudo mount /dev/mapper/sda6_mapper ~/mntsda6

5) To prevent access via mount point:
Quote:
sudo umount ~/mntsda6

6) To close LUKS device sda6
Quote:
sudo cryptsetup close sda6_mapper

I was able to create and edit files in ~/mntsda6. So it appears to work!
==============================

Now I wanted to have sda6 available at boot time every time.
I added these lines to /etc/fstab

Quote:
# mounting cryptsetup LUKS block device via device mapper to mount point ~/mntsda6

/dev/mapper/sda6_mapper /home/user1/mntsda6 ext4 defaults 0 0
-------------------
And I added these lines to /etc/crypttab

Quote:
# cryptsetup boot setup for luks device /sda6 device mapper name is sda6_mapper

sda6_mapper /dev/sda6
=================

But the additions to fstab and crypttab do not work!
Quote:
Why?
In addition, when CentOS7 boots up, it asked for passphrase three times!
How do you prevent it from asking passphrases 3 times?
Once is enough!

Please advise.
Thank you.

Last edited by fanoflq; 04-19-2016 at 03:05 AM.
 
Old 04-19-2016, 03:26 AM   #2
fanoflq
Member
 
Registered: Nov 2015
Posts: 235

Original Poster
Rep: Reputation: Disabled
Never mind.
I solved it.

crypttab should be:
Quote:
# cryptsetup boot setup for luks device /sda6 device mapper name is sda6_mapper

sda6_mapper /dev/sda6 /home/user1/luks_keyfile luks
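
The two crypttab variants from this thread, run through a small lint script. This is an added example, not part of the original posts: it follows the crypttab(5) field order (name, device, key file, options), and the function names, the temporary key file path and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint crypttab entries.
# Field order per crypttab(5): name  device  key-file  options

check_crypttab() {   # usage: check_crypttab FILE ; prints one finding per line
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        # Kernel names such as /dev/sda6 are not guaranteed stable across boots.
        case $dev in
            UUID=*|/dev/disk/by-*|/dev/mapper/*) ;;
            *) echo "$name: device $dev is a kernel name; UUID= is more robust" ;;
        esac
        case $key in
            ''|none|-)
                echo "$name: no key file; boot will prompt for the passphrase"
                continue ;;
        esac
        if [ ! -f "$key" ]; then
            echo "$name: key file $key does not exist"
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$name: key file $key is accessible to group or others"
        fi
    done < "$1"
}

# Constructed sample input: the thread's two crypttab variants, with the key
# file placed in a temporary directory (hypothetical path) so this runs anywhere.
make_samples() {   # usage: make_samples DIR
    printf 'passphrase\n' > "$1/luks_keyfile"
    chmod 644 "$1/luks_keyfile"
    printf '# first attempt\nsda6_mapper /dev/sda6\n' > "$1/crypttab.before"
    printf 'sda6_mapper /dev/sda6 %s luks\n' "$1/luks_keyfile" > "$1/crypttab.after"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "== before =="; check_crypttab "$tmp/crypttab.before"
echo "== after ==";  check_crypttab "$tmp/crypttab.after"
chmod 600 "$tmp/luks_keyfile"
echo "== after, key file mode 600 =="; check_crypttab "$tmp/crypttab.after"
rm -rf "$tmp"
```

Whatever its mode, a key file kept on an unencrypted filesystem (centos-root is plain xfs in the lsblk output above) can be read by anyone with access to the disk.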
 
  


All times are GMT -5. The time now is 10:04 AM.
