You are not logged in.

#1 2010-09-22 20:16:39

rent0n
Member
From: Italy
Registered: 2009-10-29
Posts: 457
Website

[Solved] Mount LUKS encrypted hard drive at boot

Hi,

This is driving me nuts. I'm getting angry to be honest. wink

I encrypted my brand new WD portable hard drive with LUKS + dm-crypt and I can now normally map and mount it with the following commands:

sudo cryptsetup luksOpen /dev/sdc1 WesternDigital
[Enter Passphrase]
sudo mount /dev/mapper/WesternDigital /media/WesternDigital

I would like to map and mount it at boot time (where I should be prompted for the passphrase), so I edited:

/etc/crypttab

WesternDigital /dev/sdc1 none luks

and:

/etc/fstab

/dev/mapper/WesternDigital /media/WesternDigital ext4 defaults,noauto,noatime 0 0

During boot I get some errors regarding the decrypting or mapping of WesternDigital that fails but it's too fast to note down something (and, as you probably know, there's no known way to log boot messages on Arch...)

After boot if I try to manually mount /media/WesternDigital I get a message saying /dev/mapper/WesternDigital does not exist.
So I guess the problem is in the mapping phase and thus in the /etc/crypttab file.

I can't find anything in the internet but maybe I'm missing something very basic (a daemon, a module?).

Any help is indeed very appreciated, thank you.

Last edited by rent0n (2010-09-24 15:27:16)


rent0n@deviantART | rent0n@bitbucket | rent0n@identi.ca | LRU #337812
aspire: Acer Aspire 5920 Arch Linux x86_64 | beetle: Gericom Beetle G733 Arch Linux i686

Offline

#2 2010-09-22 20:31:46

skunktrader
Member
From: Brisbane, Australia
Registered: 2010-02-14
Posts: 1,538

Re: [Solved] Mount LUKS encrypted hard drive at boot

rent0n wrote:

During boot I get some errors regarding the decrypting or mapping of WesternDigital that fails but it's too fast to note down something (and, as you probably know, there's no known way to log boot messages on Arch...)

In order to read the error messages, did you try this yet? http://wiki.archlinux.org/index.php/Dis … t_Messages

Offline

#3 2010-09-22 20:43:43

Zariel
Member
Registered: 2008-10-07
Posts: 446

Re: [Solved] Mount LUKS encrypted hard drive at boot

Did you add encrypt to your initcpio hooks ?

Offline

#4 2010-09-22 22:39:28

Halcyon22
Member
Registered: 2010-07-30
Posts: 33

Re: [Solved] Mount LUKS encrypted hard drive at boot

Is it a usb drive? If so you need to add "usb" to /etc/mkinitcpio.conf hooks.

Offline

#5 2010-09-23 11:14:13

rent0n
Member
From: Italy
Registered: 2009-10-29
Posts: 457
Website

Re: [Solved] Mount LUKS encrypted hard drive at boot

Thanks for your replies.

I clearly missed that I had to add the encrypt and usb hooks in /etc/mkinitcpio.conf (the order should be the right one).

So here's how my HOOKS looks like now:

HOOKS="base udev autodetect pata scsi sata usb encrypt filesystems keymap resume"

However, I still get the same error at boot:

Unlocking encrypted device WesternDigital:  [FAILED]

So there's still something wrong but I have no idea what. When I try to mount it manually I get that /dev/mapper/WesternDigital does not exist. So it's not unlocked/mapped at boot time.

/etc/crypttab:

WesternDigital        /dev/disk/by-uuid/8990547d-62de-4e47-944a-7f88ca2c738e        ASK        luks

/etc/fstab:

/dev/mapper/WesternDigital /media/WesternDigital ext4 defaults,noatime 0 0

Please help! smile


rent0n@deviantART | rent0n@bitbucket | rent0n@identi.ca | LRU #337812
aspire: Acer Aspire 5920 Arch Linux x86_64 | beetle: Gericom Beetle G733 Arch Linux i686

Offline

#6 2010-09-23 14:47:28

rent0n
Member
From: Italy
Registered: 2009-10-29
Posts: 457
Website

Re: [Solved] Mount LUKS encrypted hard drive at boot

Ok, I've got some news. And I'm more and more confused.

I added the cryptdevice in the kernel line of my /boot/grub/menu.lst:

kernel /boot/vmlinuz26 root=/dev/disk/by-uuid/d96dc62b-384e-4db4-9ede-18e5aa5174bc cryptdevice=/dev/disk/by-uuid/8990547d-62de-4e47-944a-7f88ca2c738e:WesternDigital resume=/dev/disk/by-uuid/8ba97700-34a1-4573-ac14-dc5573a3eb1d ro video=SVIDEO-1:d

And now I am prompted for a passphrase during boot.
However I keep seeing:

Unlocking encrypted volume WesternDigital: [FAILED]

some seconds later.

Surprisingly the device IS mounted after boot.

Any ideas? Archwiki doesn't help this time. Can please someone point me to a step-by-step solution?


rent0n@deviantART | rent0n@bitbucket | rent0n@identi.ca | LRU #337812
aspire: Acer Aspire 5920 Arch Linux x86_64 | beetle: Gericom Beetle G733 Arch Linux i686

Offline

#7 2010-09-24 15:25:49

rent0n
Member
From: Italy
Registered: 2009-10-29
Posts: 457
Website

Re: [Solved] Mount LUKS encrypted hard drive at boot

Ok, it's solved. I tried many different configurations of /etc/crypttab, /etc/fstab, /etc/mkinitcpio.conf /etc/rc.conf /boot/grub/menu.lst and I finally found the right setup.

I'm not sure of what was wrong in the first place so I'll just post my current working configs for future reference.

/boot/grub/menu.lst
Doesn't need to be edited at all (ignore the above post).

/etc/rc.conf
You don't need to add any module here because the dm-crypt and dm-mod modules are loaded thanks to the encrypt hook.

/etc/mkinitcpio.conf
The HOOKS line should include usb, usbinput (probably) and encrypt. usb must precede encrypt that must precede filesystems:

 HOOKS="base udev autodetect pata scsi sata usb usbinput keymap encrypt filesystems resume" 

/etc/crypttab

WesternDigital        /dev/sdX ASK

Do not insert 'luks', 'retry=X' or other kind of options (you can find this kind of options in many tutorials and howtos). That was one of my problems I guess.

/etc/fstab

/dev/mapper/WesternDigital /media/WesternDigital auto defaults,noatime 0 0

Note
I'm not sure if this has been helpful or not... however I was able to get it to work after following the advice found here.

Cheers,


rent0n@deviantART | rent0n@bitbucket | rent0n@identi.ca | LRU #337812
aspire: Acer Aspire 5920 Arch Linux x86_64 | beetle: Gericom Beetle G733 Arch Linux i686

Offline

Board footer

Powered by FluxBB