[dm-crypt] Auto mount encrypted partition with passphrase stored in a external driver

Michael Kjörling michael at kjorling.se
Wed Jan 13 11:10:29 CET 2016


On 13 Jan 2016 07:36 +0000, from Gabriel.Almeida at harman.com (Almeida, Gabriel):
> I would like to know how I can auto-mount an encrypted partition
> (LUKS) upon bootup. The idea is that the passphrase is stored on a USB
> stick connected to the device. If the passphrase is valid, the partition
> will be mounted upon bootup; if not, partition mounting will fail.

This isn't necessarily a full answer to your question, but if Ubuntu
is similar to Debian in this regard (it usually is), you can use the
key file field in /etc/crypttab to specify the file that holds the
passphrase. Make sure to read the crypttab(5) manpage as there are a
few important caveats to be aware of.

Then, again on Debian, there is /etc/default/cryptdisks that specifies
CRYPTDISKS_MOUNT. According to the comments, this allows you to
specify mountpoints that are mounted _before_ cryptsetup is invoked.

That would only leave possibly unmounting the USB stick after booting.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

