On Thu, Sep 4, 2008 at 5:23 PM, Alexander Golovin
<alex.golovin@mail.ru>wrote:
Hi Cassiano!
Hi!
You've written:
"a far as I know the mapping should be recreated each time you
reboot
using /sbin/cryptsetup. We are using luks extension and at each
reboot
we need to issue cryptsetup luksOpen </dev/name> <mappername>.
The text above was actually from Andrea Bicciolo, to which I replied:
/etc/crypttab should make the use of this command unecessary. The
passphrase will then be asked at boot time."
Can you describe how to we need do that?
To me it seems that what you've described in your first e-mail is
pretty
much ok.
The problem you're facing is that the encrypted volume is not being
de-crypted and this is the reason why the device (the actual
partition
inside the encrypted vol) is not being mapped into /dev/mapper.
In step 3 (from your original e-mail) you are inserting only two
fields
into
/etc/crypttab, but this file mandates four fields: target, source
device,
key file and options.
- Target is the device that will be created in /dev/mapper (in your
example,
"crypt" without the quotes);
- Source device is the actual device or partition (/dev/hda6) that's
encrypted
- Key file is where the system will read the key to de-crypt the
volume.
If
set to "none", you will be asked for a passphrase, which I assume
is your
case
- Options can be many things. For LUKS, just put "luks". For more
options,
refer to "man /etc/crypttab"
My guess is that if you correct your step 3 to include all four
fields in
/etc/crypttab you will be automatically asked for the passphrase
next time
you boot the machine, so edit the file and substitute:
crypt /dev/hda6
for
crypt /dev/hda6 none luks
Save the file and reboot. If it does not work, post back your
experience.
My experience with manually encrypted partitions is somewhat
limited, but
overall it should work as I described.
Cheers,
Cassiano Leal