#1 2008-08-31 01:13:35

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Encrypted tmp partition using random key at boot.

I'm setting this up on top of LVM, but that shouldn't matter as I can successfully create the swap partition on top of the logical volume. I have my hooks in the right order (lvm2 encrypt filesystems).

According to the "System Encryption with LUKS for dm-crypt" wiki page, the crypttab line takes this format:

tmp    /dev/mapper/volgroup-tmp    /dev/urandom    -c aes-xts-plain -s 512

with the options being passed as they would on the command line in the 4th column. Of course, this creates an encrypted device without a file system (no problems there). According to http://linux.die.net/man/5/crypttab, there should be an option "tmp" that takes care of formatting the device and also sets the correct /tmp permissions. If I try to add "tmp" to the line, it fails with a usage error at boot.

Googling turns up wiki pages for Gentoo (which uses cryptfs instead of crypttab), and Fedora and Ubuntu wiki pages/forum posts that all give this syntax for the crypttab line:

tmp    /dev/lvm/tmp    /dev/urandom    tmp, cipher=aes-xts-plain, size=512

i.e. a comma-delimited list instead of a space-delimited list as in the Arch crypttab file. That fails at boot.

So, how do I use the "tmp" option mentioned in the crypttab man page? If that doesn't work, how do I use a random key to encrypt my tmp partition and then mount it while booting?

Thanks for any help.


P.S. The wiki page says to use "tmpfs" as a file system in fstab, but if I've understood it correctly, that creates a RAM disk for tmp and completely bypasses the encrypted tmp partition, which makes it a complete waste of disk space (if I get this working, I'll update the wiki).


My Arch Linux Stuff :: Forum Etiquette :: Community Ethos - Arch is not for everyone

Offline
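
The steps that the "tmp" option in the comma-delimited line above stands for, as an added example that is not part of the original post and not Arch's or Debian's own boot code. The function name `tmp_crypt_plan`, the ext2 file system and the /tmp mount point are assumptions; the function only prints the commands, it does not run them.

```shell
#!/bin/sh
# Added example: expand one Debian-style crypttab entry
#   <name> <device> <keyfile> <comma-delimited options>
# into the explicit per-boot commands. Commands are printed, never executed.
# Assumptions of this sketch: ext2 as the file system, /tmp as the mount point.
tmp_crypt_plan() {
    name=$1 dev=$2 key=$3 opts=$4
    cipher="" size="" want_tmp=0

    # Split the option field on commas; tolerate blanks after each comma.
    old_ifs=$IFS; IFS=,; set -f
    for opt in $opts; do
        opt=$(printf '%s' "$opt" | tr -d ' \t')
        case $opt in
            tmp)      want_tmp=1 ;;
            cipher=*) cipher=${opt#cipher=} ;;
            size=*)   size=${opt#size=} ;;
            "")       ;;
            *)        IFS=$old_ifs; set +f
                      echo "unsupported option: $opt" >&2
                      return 2 ;;
        esac
    done
    IFS=$old_ifs; set +f

    # A key read from /dev/urandom is different on every boot, so whatever
    # was on the device last time is unreadable: without a fresh mkfs the
    # mapping holds no file system and a mount from fstab cannot succeed.
    if [ "$want_tmp" -eq 0 ] && [ "$key" = /dev/urandom ]; then
        echo "note: random key without 'tmp': no file system will exist" >&2
    fi

    # Plain dm-crypt mapping, options in the space-delimited command-line form.
    printf 'cryptsetup%s%s -d %s create %s %s\n' \
        "${cipher:+ -c $cipher}" "${size:+ -s $size}" "$key" "$name" "$dev"
    if [ "$want_tmp" -eq 1 ]; then
        printf 'mkfs.ext2 -q /dev/mapper/%s\n' "$name"   # new fs every boot
        printf 'mount /dev/mapper/%s /tmp\n' "$name"
        printf 'chmod 1777 /tmp\n'                       # sticky, world-writable
    fi
}

# Sample call using the entry quoted in the post above.
tmp_crypt_plan tmp /dev/lvm/tmp /dev/urandom 'tmp, cipher=aes-xts-plain, size=512'
```
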

#2 2008-09-01 08:32:47

the_eye
Member
Registered: 2008-09-01
Posts: 18

Re: Encrypted tmp partition using random key at boot.

Note: I'm also very interested in this and eagerly await a note as to how to solve it. I come from Gentoo and was used to doing it there...

Offline

#3 2008-09-02 22:24:09

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: Encrypted tmp partition using random key at boot.

For now, I've increased my swap partition (LVM = great) and am encrypting it with random keys. For tmp, I'm using tmpfs with this line in fstab:

/dev/null /tmp tmpfs  size=5g,mode=1777 0 0

At least this doesn't waste a disk, although I would still like to know how to use "tmp".


My Arch Linux Stuff :: Forum Etiquette :: Community Ethos - Arch is not for everyone

Offline

#4 2008-09-08 08:54:47

the_eye
Member
Registered: 2008-09-01
Posts: 18

Re: Encrypted tmp partition using random key at boot.

Not an option for me, sadly, since my box is swapping like crazy already... not enough memory for lots of Firefox tabs, it seems.

Offline

#5 2009-07-19 18:05:40

Janusz11
Member
Registered: 2007-05-16
Posts: 87

Re: Encrypted tmp partition using random key at boot.

Well, has anyone managed to get an encrypted /tmp partition to work with a random key? Because that's what I'm trying to set up. I followed the wiki and managed to set up root, home and swap but not tmp. The problem is that fstab is complaining about the non-existent file system on the partition.

I have read countless wikis and whatnot concerning this issue and they all mention that one has to put 'tmp' in the /etc/crypttab. But as mentioned above, that is not working.

Last edited by Janusz11 (2009-07-19 18:12:19)

Offline

#6 2009-08-30 10:07:27

Janusz11
Member
Registered: 2007-05-16
Posts: 87

Re: Encrypted tmp partition using random key at boot.

Janusz11 wrote:

Well, has anyone managed to get an encrypted /tmp partition to work with a random key? Because that's what I'm trying to set up. I followed the wiki and managed to set up root, home and swap but not tmp. The problem is that fstab is complaining about the non-existent file system on the partition.

I have read countless wikis and whatnot concerning this issue and they all mention that one has to put 'tmp' in the /etc/crypttab. But as mentioned above, that is not working.

Well, I'd like to revive this thread again.

Can someone comment on whether it is now, after the latest update of Arch, possible to add a (separate) encrypted /tmp partition as described in the wiki?

Offline

#7 2012-05-17 09:31:50

814ckf0x
Member
Registered: 2012-05-16
Posts: 9

Re: Encrypted tmp partition using random key at boot.

According to the Ubuntu guide, to do this you MUST use the "tmp" special keyword as the PASSWORD in the crypttab file, but in Arch Linux it doesn't work... even the keywords are different... as Xyne mentioned...

+-----------------------------------------------------+---------------------+
| Man crypttab (http://linux.die.net/man/5/crypttab)  | Arch Linux crypttab |
+-----------------------------------------------------+---------------------+
| verify                                              | ASK                 |
| swap                                                | SWAP                |
| tmp                                                 | ?                   |
+-----------------------------------------------------+---------------------+

Last edited by 814ckf0x (2012-05-17 09:32:24)

Offline

#8 2012-05-17 12:35:37

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,534
Website

Re: Encrypted tmp partition using random key at boot.

Holy NecroBump.

I don't think the question about the latest update, as of 3 years ago, is still relevant!


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2012-05-17 16:22:15

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Encrypted tmp partition using random key at boot.

814ckf0x thanks for that info and welcome to the forums.
I'm closing this as per our policy: Forum Etiquette: Old Threads / Necro-Bumping.
If Xyne or anyone thinks this thread is still relevant and should be reopened, they can contact me or the other moderators.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline
