Slackware: This Forum is for the discussion of Slackware Linux.
Hi everyone!
Yesterday I bought an SSD to give some fresh air to my old laptop, so now I have a spare HDD to use. Since my laptop has two SATA slots, I want to double its memory using both drives on it.
The main one, the SSD, is encrypted with LUKS+LVM as described in the official docs. I want to encrypt the HDD, create one big partition on it (this disk will contain only "static", seldom-accessed files, like photos, videos, music, backups and archives, with folders symlinked to my /home on the other drive) and mount it at boot WITHOUT asking for another password.
The optimal solution could be encrypting the drive with a password, saving that password in a file on the encrypted SSD (which is mounted first), and mounting the HDD by reading the encryption password from that file on the SSD, which at this point is already accessible.
A less optimal solution could be using a keyfile, but with this approach I wouldn't be able to mount the HDD without the SSD...
So, how can I do that?
And also, is the single partition with symlinked folders a good solution? Do you have better suggestions? I'm open-minded!
It's a good howto. You need to ask yourself whether you really want it. I read on some sites, and one of the problems that people point out is: if bad sectors appear after a while on the sectors where your LUKS technical data and keys are, you will be unable to mount your partitions ever, but I don't know if that is true.
When your disk develops bad sectors there's a risk of data loss always, not just with a LUKS encrypted disk. A LUKS disk which you can no longer decrypt is 100% data loss at once of course, but if you do not have a backup strategy and hope that your hard disk will live forever, you will eventually have a big problem.
The stuff you can not afford to lose, make sure you back it up regularly.
I did it using /etc/crypttab to decrypt the drive and /etc/fstab to mount the mapped partition.
Security-wise, the LUKS volume is encrypted with a password stored plain-text in the /etc/crypttab file, which resides in my primary encrypted drive. This way I can mount the secondary drive wherever I need, and the key is still safe when the primary drive is not mounted. Of course I must assume the root drive is not compromised...
As for backup, all the data I care for has at least two replicas across my "hot" drives and one extra in a "cold" drive updated every 3 months. Plus, I'm looking forward to an online backup service (like Backblaze B2) to encrypt and upload my data with rclone.
I think my setup works fine for my kind of situation...
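The setup in the post above keeps the HDD's passphrase in plain text in /etc/crypttab, so once the SSD is unlocked that file's permissions decide which local users can read it. As an added example (not part of the original thread), these shell functions flag a crypttab or key file that group or other can access; the field layout `name device password-or-keyfile options` and all function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a crypttab for secrets readable by non-root users.
# Assumed layout per line: name device password-or-keyfile [options]

# True when group and other have no permission bits on $1.
is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one finding per line; return 1 if anything was found.
audit_crypttab() {
    tab=$1
    findings=0
    tab_private=yes
    is_private "$tab" || tab_private=no
    while read -r name dev secret opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        case $secret in ''|none) continue ;; esac    # prompt or swap entry
        if [ -f "$secret" ]; then
            # Third field names a key file: check the key file itself.
            if ! is_private "$secret"; then
                echo "$name: key file $secret is accessible to group/other"
                findings=$((findings + 1))
            fi
        elif [ "$tab_private" = no ]; then
            # Inline passphrase: never echo the secret into the report.
            echo "$name: inline password in $tab, accessible to group/other"
            findings=$((findings + 1))
        fi
    done < "$tab"
    [ "$findings" -eq 0 ]
}

# Constructed demo: a world-readable crypttab holding one inline password.
demo() {
    demo_dir=$(mktemp -d) || return 2
    printf 'luksdata /dev/sdb1 constructed-passphrase\n' > "$demo_dir/crypttab"
    chmod 644 "$demo_dir/crypttab"
    rc=0
    audit_crypttab "$demo_dir/crypttab" || rc=$?
    rm -rf "$demo_dir"
    return "$rc"
}
```

Source the file and run `audit_crypttab /etc/crypttab` as root; a finding on an inline-password entry is cleared with `chmod 600 /etc/crypttab`.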
In your backup strategy, save LUKS headers. That should help to not lose all LUKS data.
Yep, you definitely want to back up the LUKS headers, check out "luksHeaderBackup" in the cryptsetup man page. If the header becomes corrupted (without a backup) then all encrypted data is irretrievable.