How can I decrypt a partition, mount it, and decrypt others during boot?

I have a custom setup:

/dev/sdb is the main USB:

1: EFI partition
2: encrypted LUKS1 FAT32 /boot
3: encrypted LUKS1 ext4 /
4: encrypted LUKS2 ext4 /home
Others not important

/dev/sdc is another USB key:

1: encrypted LUKS1 ext4
2: FAT32
3: ext4

When I boot, GRUB2 appears. It decrypts /dev/sdb2, then I select to boot Manjaro latest KDE. It takes a keyfile on /dev/sdb2 to decrypt /dev/sdc1, then uses a keyfile on this to decrypt /dev/sdb3 (root /).

After that, initramfs decrypts (can someone confirm this for me?) the root partition /dev/sdb3.

What I want is, after all HOOKS (including encrypt) have run, to decrypt /dev/sdc1 (keyfile on root) and mount it, for the other partitions.

How can I achieve this?










partition grub2 encryption automounting initramfs






asked Sep 5 at 21:39
geremi

  • Did you already try crypttab? Or at least its man page?
    – Xen2050
    Sep 6 at 18:24

  • Yes, I looked all the way down, and I don’t think crypttab can decrypt a partition, then mount it, and decrypt others on boot up.
    – geremi
    Sep 7 at 22:02

  • IIRC, it has two stages, for unlocking partitions that must be open for others to unlock later
    – Xen2050
    Sep 7 at 22:34

  • Yes, but /home cannot be mounted later. To be mounted, I need the keyfile on /dev/sdc1. It’s encrypted, so I must decrypt and mount it first for all the others.
    – geremi
    Sep 8 at 15:56

  • crypttab's options like noearly and keyscript or initramfs sound applicable. Or if home's already encrypted, then an autostart script that runs on user login is another option.
    – Xen2050
    Sep 9 at 9:04
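
The chain discussed in this thread (root open first, then /dev/sdc1, then /home) only works if every keyfile sits on a filesystem that is already unlocked and mounted when it is needed. The following is an added example, not part of the original question or comments: it parses a crypttab and an fstab and computes an order in which the mappings can be opened, or reports a key dependency that can never be met. The mapping names, the mount point /mnt/usbkey and the key paths are constructed sample values, and the root mapping is assumed to be opened by the initramfs under the name "root".

```python
# Added example: order in which LUKS mappings can be opened when keyfiles live
# on filesystems that are themselves encrypted. All names/paths are constructed.
CRYPTTAB = """\
# name  device     keyfile                options
home    /dev/sdb4  /mnt/usbkey/home.key   luks
usbkey  /dev/sdc1  /etc/keys/usbkey.key   luks
"""
FSTAB = """\
/dev/mapper/root    /            ext4  defaults  0 1
/dev/mapper/usbkey  /mnt/usbkey  ext4  ro        0 2
/dev/mapper/home    /home        ext4  defaults  0 2
"""

def rows(text, n):
    """Yield the first n fields of every non-comment line that has them."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= n:
            yield fields[:n]

def owning_mount(path, mounts):
    """Longest mount point that contains path, i.e. the filesystem holding it."""
    hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len, default=None)

def unlock_order(crypttab, fstab, already_open=("root",)):
    """Return mapping names in an order where each keyfile is readable in time."""
    mounts = {mp: dev for dev, mp in rows(fstab, 2)}   # mount point -> device
    needs = {}                                         # mapping -> mapping it waits for
    for name, _dev, key in rows(crypttab, 3):
        if not key.startswith("/"):                    # "none"/"-": passphrase prompt
            needs[name] = None
            continue
        src = mounts.get(owning_mount(key, mounts), "")
        needs[name] = src.rsplit("/", 1)[-1] if src.startswith("/dev/mapper/") else None
    done, order = set(already_open), []
    while set(needs) - done:
        ready = sorted(n for n, dep in needs.items()
                       if n not in done and (dep is None or dep in done))
        if not ready:                                  # circular or missing key source
            raise ValueError(f"key dependency cannot be satisfied: {sorted(set(needs) - done)}")
        order += ready
        done.update(ready)
    return order

if __name__ == "__main__":
    print(unlock_order(CRYPTTAB, FSTAB))
```

A `ValueError` here means at least one keyfile is stored on a volume that can only be opened with a key from a volume that depends on it.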















