Mount LUKS on boot
#1
Wed, 2017-12-13 11:55
mogba
Greetings.
I'm having difficulties mounting a LUKS partition (not /boot nor root) on boot.
I already added the partition to /etc/crypttab, added its mapper to /etc/fstab, and edited my /etc/mkinitfs/mkinitfs.conf.
On boot, Alpine always tries to fsck and mount my LUKS partition, to no avail, because it won't load my /etc/crypttab.
    # cat /etc/alpine-release
    3.7.0
Here's my mkinitfs.conf:
    # cat mkinitfs.conf
    features="ata base ide scsi usb virtio ext4 cryptsetup"
Here's my /etc/crypttab:
    # cat /etc/crypttab
    crypt_data /dev/sdb1 none luks
Here's my /etc/fstab:
    UUID=7f000036-0000-4da7-0000-c55600005423  /             ext4     rw,relatime,data=ordered  0 1
    UUID=7b0000a4-0000-4013-0000-3ef00000f77e  /boot         ext4     rw,relatime,data=ordered  0 2
    UUID=ca000003-0000-466e-0000-ddd6000068f7  swap          swap     defaults                  0 0
    /dev/cdrom                                 /media/cdrom  iso9660  noauto,ro                 0 0
    /dev/usbdisk                               /media/usb    vfat     noauto                    0 0
    /dev/mapper/crypt_data                     /srv/secure   ext4     default                   0 2
Here's my fdisk -l /dev/sdb:
    # fdisk -l /dev/sdb
    Disk /dev/sdb: 10 GB, 10737418240 bytes, 20971520 sectors
    1305 cylinders, 255 heads, 63 sectors/track
    Units: cylinders of 16065 * 512 = 8225280 bytes

    Device     Boot  StartCHS  EndCHS       StartLBA  EndLBA    Sectors   Size  Id  Type
    /dev/sdb1        0,1,1     1023,254,63  63        20964824  20964762  9.9G  83  Linux
Here's my cryptsetup luksDump /dev/sdb1:
    # cryptsetup luksDump /dev/sdb1
    LUKS header information for /dev/sdb1

    Version:        1
    Cipher name:    aes
    Cipher mode:    xts-plain64
    Hash spec:      sha256
    Payload offset: 4096
    MK bits:        256
    MK digest:      e1 00 bc ce 1a 38 00 50 c3 00 82 6a 00 be 7b 00 47 30 00 c4
    MK salt:        00 ea 00 78 00 f7 b7 7f 00 bc b7 17 00 76 00 4f
                    c1 00 f7 00 a7 00 43 eb 68 00 88 00 98 00 87 00
    MK iterations:  31500
    UUID:           e8ca0000-86fb-0000-9c4f-09cd0000591e

    Key Slot 0: ENABLED
        Iterations:             250978
        Salt:                   25 00 23 9b 00 a5 20 00 88 33 00 f3 46 00 9d 8f
                                1b 42 00 6f e3 00 a4 09 00 ae 2b 00 f4 3c 00 bc
        Key material offset:    8
        AF stripes:             4000
    Key Slot 1: DISABLED
    Key Slot 2: DISABLED
    Key Slot 3: DISABLED
    Key Slot 4: DISABLED
    Key Slot 5: DISABLED
    Key Slot 6: DISABLED
    Key Slot 7: DISABLED
And of course, my lsmod | grep crypt:
    # lsmod | grep crypt
    dm_crypt   23504   0
    dm_mod     124555  1 dm_crypt
    cryptd     14039   3 ablk_helper,ghash_clmulni_intel,aesni_intel
Is there anything I've missed, or do I need to load it via /etc/conf.d/dmcrypt and mount it manually each boot?
Thank you.
PS: Sorry for the wall of text, this forum does not provide [spoiler] tags.
I know it's not the best but ;) the only way I made it automatic is by adding scripts into local.d, which is something like:
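    # Start script: OpenRC's local service runs *.start files at boot
    cat >> /etc/local.d/cryptsetup_data.start << EOM
    cryptsetup --key-file /mykeyfile luksOpen /dev/devcrypt crypt
    mount /dev/mapper/crypt /crypt
    EOM
    chmod +x /etc/local.d/cryptsetup_data.start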
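Then you also need to add a script for when the system stops:
    # Stop script: OpenRC's local service runs *.stop files at shutdown
    cat >> /etc/local.d/cryptsetup_data.stop << EOM
    umount /crypt
    cryptsetup luksClose crypt
    EOM
    chmod +x /etc/local.d/cryptsetup_data.stop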
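A more defensive take on the local.d approach from the reply above, as an added example that is not part of the original thread: it refuses a key file that is not private, checks that the device is the expected LUKS volume before opening it, and can be re-run safely. The device, mapper name, mount point and LUKS UUID are taken from the question; the key file path and the script file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Install as /etc/local.d/crypt_data.start
# and symlink it as crypt_data.stop; the name it is called by picks the action.
NAME=crypt_data                                   # mapper name from the question
DEVICE=/dev/sdb1                                  # device from the question
LUKS_UUID=e8ca0000-86fb-0000-9c4f-09cd0000591e    # UUID from the luksDump above
MOUNTPOINT=/srv/secure                            # mount point from the fstab above
KEYFILE=/etc/keys/crypt_data.key                  # assumed (hypothetical) key file path

# Accept the key file only if it is a regular file (not a symlink), owned by
# the user running the script (root at boot), with no group/other permissions.
keyfile_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)" in
        -???------) [ -O "$1" ] ;;
        *) return 1 ;;
    esac
}

# Open and mount the volume; safe to run again if it is already open.
open_volume() {
    if ! keyfile_is_private "$KEYFILE"; then
        echo "refusing $KEYFILE: need a root-owned regular file, mode 0600 or stricter" >&2
        return 1
    fi
    # /dev/sdX names can change between boots: check this is the expected volume.
    cryptsetup isLuks "$DEVICE" || return 1
    [ "$(cryptsetup luksUUID "$DEVICE")" = "$LUKS_UUID" ] || return 1
    if [ ! -e "/dev/mapper/$NAME" ]; then
        cryptsetup --key-file "$KEYFILE" luksOpen "$DEVICE" "$NAME" || return 1
    fi
    mountpoint -q "$MOUNTPOINT" || mount "/dev/mapper/$NAME" "$MOUNTPOINT"
}

# Unmount and close the mapping at shutdown.
close_volume() {
    if mountpoint -q "$MOUNTPOINT"; then
        umount "$MOUNTPOINT" || return 1
    fi
    [ ! -e "/dev/mapper/$NAME" ] || cryptsetup luksClose "$NAME"
}

case "$0" in
    *.start) open_volume ;;
    *.stop)  close_volume ;;
esac
```

Make the script executable and enable the service with `rc-update add local default`; OpenRC's local service runs executable `*.start` files at boot and `*.stop` files at shutdown.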