[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problem with systemd and cryptsetup - how to solve it the systemd way?

On 12/10/2015 05:38 AM, Anders Andersson wrote:
I am trying to set up an encrypted btrfs system on a Debian Jessie
root@jessie:~# cryptsetup luksFormat /dev/sdb1
root@jessie:~# cryptsetup luksOpen /dev/sdb1 crypt
root@jessie:~# dd if=/dev/zero of=/dev/mapper/crypt
root@jessie:~# cryptsetup luksClose crypt
Then I add this to /etc/crypttab:
---- /etc/crypttab ---
# <target name>    <source device>        <key file>    <options>
crypt /dev/sdb1 none luks,noauto
---- /etc/crypttab ---

When I want a LUKS data partition to be mounted at boot, I create a LUKS key:

    # dd if=/dev/random of=/root/.luks-keyfile bs=1 count=32

    # chmod 0400 /root/.luks-keyfile

Add the key to the LUKS partition:

    # cryptsetup luksAddKey /dev/sdb1 /root/.luks-keyfile

(Note: it is preferable to use /dev/disk/by-id/* paths for disk administration commands rather than /dev/sd* paths, as the letter assignments can and do get re-arranged on reboot.)

Add an entry to /etc/crypttab:

   sdb1_crypt /dev/sdb1 /root/.luks-keyfile luks

Create a mount point:

    # mkdir /var/luks/sdb1_data

Add an entry to /etc/fstab:

    /dev/mapper/sdb1_crypt /var/luks/sdb1_data auto defaults,nofail 0 2

Reboot, verify, and/or troubleshoot.


Reply to: