[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Device to use with cryptsetup Buster encrypted lvm

On 10/4/2020 4:52 PM, David Wright wrote:

On Sun 04 Oct 2020 at 16:39:38 (+0200), john doe wrote:

On 10/4/2020 4:35 PM, David Wright wrote:

On Sun 04 Oct 2020 at 16:16:33 (+0200), john doe wrote:

I just installed Debian Buster with encrypted LVM.

In my fstab file, I have:
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/try02--vg-root /               ext4    errors=remount-ro 0
       1

I can't figure out what device I should pass to cryptsetup to avoid the
below error:

$ cryptsetup -v luksAddKey /dev/mapper/try02--vg-root /etc/keys/root.key
--key-slot=1
Device /dev/mapper/try02--vg-root doesn't exist or access denied.
Command failed with code -4 (wrong device or file specified).


How can I know what device cryptsetupt will accept?


It looks as if you're trying to add the key to the decrypted device,
ie the /dev/mapper/ device that gets mounted as /.
You add keys to the encrypted device, ie the device that contains the
encrypted filesystem, the argument you used in the command
# cryptsetup luksFormat <this-device>



The debian -installer has done that for me, I don't understand how I can
get the encrypted device.


I've not done that with the installer. I would expect there to be
an entry in /etc/crypttab for the root filesystem, so that it gets
mounted at boot time. It's the second field in that line.



In /etc/crypttab, the first column in the file has the device name
followed by '_crypt'.
Alternatively, use the UUID from the second column with the uuid option
of the blkid command.

$ blkid -U <UUID>


Thanks to you David and to 'Ulf Volmer <u.volmer@u-v.de>'.


I appriciated.


--
John Doe
Reply to: