How can I decrypt a partition, mount it, and decrypt others during boot?
I have a custom setup:
/dev/sdb is the main usb:
1: EFI Partition
2: encrypt LUKS1 FAT32 /boot
3: encrypt LUKS1 ext4 /
4: encrypt LUKS2 ext4 /home
Others not important
/dev/sdc is another usb key:
1: encrypt luks1 ext4
2: FAT32
3: ext4
When I boot, GRUB2 appears. It decrypts /dev/sdb2, then I select to boot Manjaro latest KDE. It takes a keyfile on /dev/sdb2 to decrypt /dev/sdc1, then uses a keyfile on this to decrypt /dev/sdb3 (root /).
After that, initramfs decrypts (can someone confirm this for me?) root partition /dev/sdb3.
What I want is, after all HOOKS (including encrypt) have run, to decrypt /dev/sdc1 (keyfile on root) and mount it, for other partitions.
How can I achieve this?
partition grub2 encryption automounting initramfs
Did you already try crypttab? Or at least its man page?
– Xen2050
Sep 6 at 18:24
Yes, I looked all the way down, and I don't think crypttab can decrypt a partition, then mount it, and decrypt others on boot up.
– geremi
Sep 7 at 22:02
iirc, it has two stages, for unlocking partitions that must be open for others to unlock later
– Xen2050
Sep 7 at 22:34
Yes, but /home cannot be mounted later. To be mounted, I need the keyfile on /dev/sdc1. It's encrypted, so I must decrypt and mount it first for all others.
– geremi
Sep 8 at 15:56
crypttab's options like noearly and keyscript or initramfs sound applicable. Or if home's already encrypted, then an autostart script that runs on user login is another option
– Xen2050
Sep 9 at 9:04
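
The unlock order discussed in the question and comments, written out as a script. This is an added example, not code from any of the posters. It assumes it runs as root after the root filesystem is mounted; the mapper names, the mount point and both keyfile paths are hypothetical, and only the device names come from the question.

```shell
#!/bin/sh
# Added example: open the key-holding LUKS volume first, then the volume keyed from it.
# Mapper names, mount point and keyfile paths are hypothetical placeholders.
DRY_RUN="${DRY_RUN:-1}"            # 1 = only print the plan, 0 = execute (needs root)

KEYDEV=/dev/sdc1                   # key-holding partition (from the question)
KEYDEV_KEY=/root/keys/sdc1.key     # hypothetical keyfile on the unlocked root
KEYDEV_MNT=/mnt/keys               # hypothetical mount point for the key volume
HOMEDEV=/dev/sdb4                  # /home partition (from the question)
HOME_KEY="$KEYDEV_MNT/home.key"    # hypothetical keyfile stored on sdc1

run() {                            # print the command; execute only when DRY_RUN=0
    echo "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Accept a keyfile only if it is a regular file (not a symlink)
# with no group/other permission bits, e.g. mode 400 or 600.
keyfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

unlock_chain() {
    if [ "$DRY_RUN" != 1 ]; then
        keyfile_ok "$KEYDEV_KEY" || { echo "bad keyfile: $KEYDEV_KEY" >&2; return 1; }
    fi
    # Stage 1: open the key volume and mount it read-only with restrictive options.
    run cryptsetup open --key-file "$KEYDEV_KEY" "$KEYDEV" keys &&
    run mount -o ro,nodev,nosuid,noexec /dev/mapper/keys "$KEYDEV_MNT" || return 1
    if [ "$DRY_RUN" != 1 ]; then
        keyfile_ok "$HOME_KEY" || { echo "bad keyfile: $HOME_KEY" >&2; return 1; }
    fi
    # Stage 2: the keyfile is now reachable, so /home can be opened and mounted.
    run cryptsetup open --key-file "$HOME_KEY" "$HOMEDEV" home &&
    run mount /dev/mapper/home /home || return 1
    # Stage 3: close the key volume again so the keys do not stay readable.
    run umount "$KEYDEV_MNT" && run cryptsetup close keys
}

unlock_chain
```

With the default `DRY_RUN=1` the script only prints the six commands in order; set `DRY_RUN=0` to execute them.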