-   Linux - Security (
-   -   crypttab with nfs mounted keyfile (

guna_pmk 04-12-2011 03:44 AM

crypttab with nfs mounted keyfile
Hi friends,

I am implementing hard drive encryption. I wish to pass a key file to the crypttab from an NFS mounted location. But I could see that the disk encryption process starts very early during the booting process, before fstab is run. I could not find which script, in rc5.d, starts this service.

And I am confused on how nfs mount are performed from fstab, as the network service starts at a very later stage than after fstab is called to mount the local partitions/disks. In my case, I have to wait until the nfs is mounted and then call the /dev/mapper mount (in fastab) to mount the encrypted partition.

Can somebody please clarify this?


jschiwal 04-13-2011 05:38 PM

Read through the boot scripts in /etc/init.d/. If you use the _netdev mount option, a script can run "mount -a -O no_netdev" to mount filesystems that aren't net devices, and defer mounting them until later. It isn't an option on how a filesystem is mounted, but used by scripts to control what gets mounted. Try grepping for no_netdev in the scripts.


I wish to pass a key file to the crypttab from an NFS mounted location.
Having the secret on an NFS share defeats the purpose of encryption. It will only protect you when you dispose of the hard drive. The passphrase should be committed to memory and not exist in a file, unless you have it locked in a safe.

guna_pmk 04-15-2011 06:14 AM

Apologies for not responding to your suggestion. I have not done anything on that yet. I shall update it when I have done something about this.

For the time being I have created a password protected encrypted volume.


All times are GMT -5. The time now is 11:44 PM.