LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices


Reply
  Search this Thread
Old 12-20-2017, 09:17 PM   #1
farmerdave
Member
 
Registered: Mar 2008
Location: Adelaide, Australia
Distribution: Arch, Slackware 13.37
Posts: 105
Blog Entries: 1

Rep: Reputation: 16
mount encrypted partition at boot using crypttab


I have an encrypted partition (non-root) which I wish to mount at boot time. I used dm-crypt/LUKS to do the encryption. I created a passphrase and a keyfile for the decryption.

My crypttab entry for mounting with the keyfile works fine and is
Code:
cryptFiles   /dev/sdb6   /etc/dm-crypt/secretfile
with an /etc/fstab entry
Code:
/dev/mapper/crytpFiles   /Data    ext4   defaults  0 2
If I change this to prompt me for the passphrase in my crypttab file with
Code:
cryptFiles   /dev/sdb6   none
then my boot fails. I never see a prompt for entering the password.

I believe the problem is with Plymouth (according to the Arch wiki). My system is actually dual boot (Fedora 27 and CentOS 7.0), and the exact same crypttab file that prompts me for a passphrase works fine in CentOS. I enter the password and the boot process continues.

The solution on the Arch wiki points to adding a "plymouth" hook in the mkinicpio.conf file and regenerating the initramfs, however I can't find any information about how to solve this for Fedora 27.

How can I boot Fedora and have a prompt for a passphrase for this encrypted partition?
 
Old 12-21-2017, 02:42 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,131
Blog Entries: 14

Rep: Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264Reputation: 1264
I'll start by saying I've not worked with the encrypted filesystems.

What stands out to me in your post however, is your use of "/dev/sdb6". Is it possible that what your CentOS is identifying as sdb6 is NOT what your Fedora is identifying as sdb6 (i.e. maybe Fedora sees it as sda6 or sdc6)?

The sd devices aren't guaranteed to be the same on every boot which is why even for unencrypted devices it is recommended you label the device and use that label rather than the name in fstab.
 
Old 12-21-2017, 07:33 PM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,690

Rep: Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603
As an experiment, try adding "nofail" to the options in the /etc/fstab entry. That should allow the boot to succeed without that mount, and then you can then see whether your encrypted device is really /dev/sdb6 or elsewhere.

Your LUKS partition may not have an accessible LABEL until it has been successfully unlocked (unless you are using GPT, the only LABEL is in the ext4 filesystem super block), but it does have a LUKS UUID that I believe you could use in /etc/crypttab if the device identity does turn out to be the problem.

Last edited by rknichols; 12-21-2017 at 07:36 PM.
 
Old 12-22-2017, 03:19 AM   #4
farmerdave
Member
 
Registered: Mar 2008
Location: Adelaide, Australia
Distribution: Arch, Slackware 13.37
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Thanks for the answers, I'll investigate. I did try the UUID instead and it still didn't work, but I'll double check my attempts. As I mentioned though, if I specify the full path to the keyfile it works fine, UUID or /dev doesn't matter.
 
Old 12-22-2017, 03:20 AM   #5
farmerdave
Member
 
Registered: Mar 2008
Location: Adelaide, Australia
Distribution: Arch, Slackware 13.37
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Trouble is that this is my work computer that is causing problems, and I've just knocked off for Christmas!
 
Old 01-18-2018, 11:22 PM   #6
farmerdave
Member
 
Registered: Mar 2008
Location: Adelaide, Australia
Distribution: Arch, Slackware 13.37
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 16
I'm still having trouble with this.

I once again tried using UUIDs instead of /dev/sdb6 but it made no difference. I also tried nofail to the options in /etc/crypttab, but still don't get a password prompt.

I am at the point where I can start the pc, get past grub, get a black screen but type the luks password and decrypt the volume and magically get to my display manager login screen. I achieved this by removing 'rhgb' from the kernel boot parameters.

One other interesting thing (possibly related?) is that I can switch to another TTY using 'Ctrl + Alt + F2' and can see the boot messages, but I have no login on F2-F6, its all the same messages. 'Ctrl + Alt + F1' takes me back to my graphical environment. I'm using sddm , and if I edit the /etc/sddm.conf line to provide extra Virtual consoles
Code:
MinimumVT=7
then I need to use 'Ctrl Alt + F7' to get back to graphical, but I still have no login on the other consoles, just the same boot text.

I've tried a range of different grub parameters in /etc/default/grub such as GRUB_TERMINAL_OUTPUT="console", GRUB_GFXPAYLOAD_LINUX="text" and GRUB_ENABLE_CRYPTODISK="y" but I don't see any difference.

At this point I'd welcome any other suggestions!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to auto mount an encrypted partition on boot up in rhel7.3? chickenjoy Linux - Security 1 07-19-2017 01:38 PM
[SOLVED] How to mount an encrypted partition in opensuse 11.1 entz SUSE / openSUSE 4 11-03-2009 07:39 PM
knoppix 5.1-- how to mount an encrypted partition? bezdomny Linux - Software 2 07-13-2008 12:19 AM
mount luks encrypted partition with kdm mattydee Slackware 2 01-28-2008 01:32 AM
Encrypted partition does not mount on boot applewax SUSE / openSUSE 2 01-06-2005 12:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 09:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration