Use secondary encrypted hard drive
Hi everyone!
Yesterday I bought an SSD to give some fresh air to my old laptop, so now I have a spare HDD to use. Since my laptop has two SATA slots, I want to double its memory using both drives on it. The main one, the SSD, is encrypted with LUKS+LVM as described in the official docs. I want to encrypt the HDD, create one big partition on it (this disk will contain only "static", seldom-accessed files, like photos, videos, music, backups and archives, with folders symlinked to my /home on the other drive) and mount it at boot WITHOUT asking for another password. The optimal solution could be encrypting the drive with a password, saving that password in a file on the encrypted SSD (which is mounted first), and mounting the HDD by reading the encryption password from that file on the SSD, which at this point is already accessible. A less optimal solution could be using a keyfile, but with this approach I wouldn't be able to mount the HDD without the SSD... So, how can I do that? And also, is the single partition with symlinked folders a good solution? Do you have better suggestions? I'm open minded! Thanks in advance!
Hi!
You can achieve this by using a keyfile. I used this tutorial when I did this the first time: https://tutorials.technology/tutoria...to-fedora.html It's for Fedora but works just as well on Slackware. Kr Melke
It's a good howto. You need to ask yourself whether you really want it. I read on some sites, and one of the problems that people point out is: if bad sectors appear after a while on the sectors where your LUKS technical data and keys are, you will be unable to mount your partitions ever again, but I don't know if that is true.
Quote:
The stuff you cannot afford to lose, make sure you back it up regularly.
Yes, you just pointed out with a few more words what I was trying to say. It will lose all data, not only one picture.
In your backup strategy, save LUKS headers. That should help to not lose all LUKS data.
I did it using /etc/crypttab to decrypt the drive and /etc/fstab to mount the mapped partition.
Security-wise, the LUKS volume is encrypted with a password stored plain-text in the /etc/crypttab file, which resides in my primary encrypted drive. This way I can mount the secondary drive wherever I need, and the key is still safe when the primary drive is not mounted. Of course I must assume the root drive is not compromised... As for backup, all the data I care for has at least two replicas across my "hot" drives and one extra in a "cold" drive updated every 3 months. Plus, I'm looking forward to an online backup service (like Backblaze B2) to encrypt and upload my data with rclone. I think my setup works fine for my kind of situation...
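An added example, not part of the original thread: the setup in the last post depends on the secret kept on the encrypted root drive, so this audit flags crypttab entries whose keyfile or inline passphrase is readable by anyone other than the file's owner. It assumes a four-field layout (name, device, key, options) in which the key field is `none`, an absolute keyfile path, or an inline passphrase as that post describes; the function names and all sample paths and values are constructed.

```shell
#!/bin/sh
# Added example: audit a crypttab-style file for secrets readable by non-owners.
# Assumed layout: name device key options; key is "none"/"-" (prompt),
# an absolute keyfile path, or an inline passphrase.

# perms_loose FILE: succeeds when group or other hold any permission bit.
perms_loose() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 1 ;;   # owner-only, e.g. 600 or 400
        *)     return 0 ;;
    esac
}

# audit_crypttab FILE: prints one finding per line (never the secret itself);
# returns 0 only when there are no findings.
audit_crypttab() {
    tab=$1; findings=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|\#*) continue ;; esac
        case "$key" in
            ''|none|-) continue ;;   # prompted at boot, nothing stored
            /*) if [ ! -f "$key" ]; then
                    echo "$name: keyfile $key is not a regular file"
                    findings=$((findings + 1))
                elif perms_loose "$key"; then
                    echo "$name: keyfile $key readable beyond owner"
                    findings=$((findings + 1))
                fi ;;
            *)  if perms_loose "$tab"; then
                    echo "$name: inline passphrase in $tab, readable beyond owner"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$tab"
    [ "$findings" -eq 0 ]
}

# Constructed sample: keyfile entry, inline passphrase entry, prompted entry.
make_sample() {
    d=$(mktemp -d)
    printf 'constructed-key-material' > "$d/hdd.key"
    printf '%s\n' "# name device key options" \
        "lukshdd /dev/sdb1 $d/hdd.key luks" \
        "luksusb /dev/sdc1 ConstructedPassphrase" \
        "luksroot /dev/sda2 none luks" > "$d/crypttab"
    chmod 644 "$d/hdd.key" "$d/crypttab"
    echo "$d"
}
d=$(make_sample); audit_crypttab "$d/crypttab" || true; rm -rf "$d"
```

`stat -c` is the GNU coreutils form. After `chmod 600` on both the crypttab file and the keyfile, the audit reports nothing and returns 0.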