
[SOLVED] Automount encrypted /home with OpenRc fail

Hi folks.

I have recently installed Artix on my computer with full system encryption, except for my EFI partition, on which I sign the .efi unified image for secure boot. However, I cannot figure out how to automount my encrypted /home at boot time.
I'm using OpenRC and my partitioning is as follows:
sda2 -> LUKS -> lvm VG -> Swap and /
sdb1 -> LUKS -> /home
Code:
$>  lsblk --fs
NAME                 FSTYPE      FSVER    LABEL      UUID                                   FSAVAIL FSUSE% MOUNTPOINT
sda
├─sda1               vfat        FAT32    EFI        EBCA-D9FB                               341.5M    32% /efi
└─sda2               crypto_LUKS 2                   e3fd3202-568a-4564-90cf-f9873b72aa97
  └─crypt_system     LVM2_member LVM2 001            bcMw61-BGJA-T0hh-zgUi-mbKu-SfDp-voSOpp
    ├─vg_system-swap swap        1        crypt_swap 945ee7c4-91fc-42f9-acac-7268381c4a5f
    └─vg_system-root ext4        1.0      crypt_root 53fcfe75-075b-43ce-bdf5-f53684b618b8    155.5G     5% /
sdb
└─sdb1               crypto_LUKS 2                   a3679bcd-5994-4401-b65d-1bb4754205b5
  └─crypt_home       ext4        1.0      crypt_home 23cecaa7-519e-4135-bc3f-d221947be1e9      658G    23% /home

The crypt_system (sda2) is mounted at boot time with the corresponding kernel parameter, which allows unlocking 1 partition.
I would like the sdb1 partition to be unlocked automagically with a keyfile residing in sda2.
The Artix wiki page about dmcrypt does not mention this kind of partitioning, so I looked at those pages in the Arch Wiki and Parabola Wiki. Therefore I tried to use crypttab as mentioned.

Here are my fstab and crypttab, and it is still not working. Does OpenRC use crypttab, or is there an error?

Code:
$> cat /etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/vg_system-root LABEL=crypt_root
UUID=53fcfe75-075b-43ce-bdf5-f53684b618b8       /               ext4            rw,relatime     0 1

# /dev/sda1 LABEL=EFI
UUID=EBCA-D9FB          /efi            vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 2

# /dev/mapper/crypt_home LABEL=crypt_home
UUID=23cecaa7-519e-4135-bc3f-d221947be1e9       /home           ext4            rw,relatime     0 2

Code:
#> cat /etc/cryptab
# Configuration for encrypted block devices.
# See crypttab(5) for details.

# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
crypt_home     UUID=a3679bcd-5994-4401-b65d-1bb4754205b5    /root/crypt_home_key    luks
# data1        /dev/sda3                                    /etc/mypassword2
# data2        /dev/sda5                                    /etc/cryptfs.key
# swap         /dev/sdx4                                    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
# vol          /dev/sdb7                                    none

I also saw this Gentoo wiki page about disk encryption mentioning /etc/conf.d/dmcrypt and a dmcrypt service to run at boot. So I edited this file accordingly, but I do not have any "dmcrypt" service.
Code:
$> cat /etc/conf.d/dmcrypt
target='crypt_home'
source=UUID='a3679bcd-5994-4401-b65d-1bb4754205b5'
key='/root/crypt_home_key'

Also, the permissions on crypttab were as follows: is that normal?
Code:
$> ll /etc/crypttab
-rw------- 1 root root 734 Mar  1 10:53 /etc/crypttab

Has anyone successfully unlocked a non-root partition at boot time with a keyfile, using OpenRC?
Key fingerprint = 912B 29BE EDBE 8E73 8E3F  8758 869E 9A75 3DCA 4320

 

Re: [SOLVED] Automount encrypted /home with OpenRc fail

Reply #1
Never mind, I found out that there was a cryptsetup-openrc package with the dmcrypt service I was missing... -_-'

Just installing the package and
Code:
#> rc-update add dmcrypt boot
did the trick.
Key fingerprint = 912B 29BE EDBE 8E73 8E3F  8758 869E 9A75 3DCA 4320
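
The first post asks whether root-only permissions on these files are normal. As an added example (not part of the thread and not code from the cryptsetup-openrc package), this shell function reads a conf.d/dmcrypt file in the plain target=/key= form shown above and checks that each key file is a regular file, owned by the expected UID, with no group or other access. The function name, the optional UID argument and the throwaway demo files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit key files referenced by a conf.d/dmcrypt file.
# Assumes plain key='/path' entries, as in the thread.
# On a real system, run as root: check_dmcrypt_conf /etc/conf.d/dmcrypt

# check_dmcrypt_conf CONF [OWNER_UID]
# Prints one line per finding; returns 0 only when every key= file passes.
check_dmcrypt_conf() {
    conf=$1 want_uid=${2:-0} rc=0 target='(no target)' seen=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            target=*) target=$(printf '%s' "${line#target=}" | tr -d "'\"") ;;
            key=*)
                seen=1
                key=$(printf '%s' "${line#key=}" | tr -d "'\"")
                if [ ! -e "$key" ]; then
                    echo "FAIL $target: key file $key is missing"; rc=1; continue
                fi
                # ls -ldn: field 1 is the mode string, field 3 the numeric owner
                set -- $(ls -ldn "$key")
                case $1 in
                    -???------*) ;;  # regular file, no group/other bits set
                    -*) echo "FAIL $target: $key readable beyond owner ($1)"; rc=1 ;;
                    *)  echo "FAIL $target: $key is not a regular file ($1)"; rc=1 ;;
                esac
                [ "$3" = "$want_uid" ] ||
                    { echo "FAIL $target: $key owned by uid $3, expected $want_uid"; rc=1; }
                ;;
        esac
    done < "$conf"
    [ "$seen" -eq 1 ] || { echo "FAIL no key= entry in $conf"; rc=1; }
    return "$rc"
}

# Constructed demo: throwaway key and config mirroring the thread's entry.
demo=$(mktemp -d)
printf 'not-a-real-key' > "$demo/crypt_home_key"
chmod 600 "$demo/crypt_home_key"
printf "target='crypt_home'\nkey='%s'\n" "$demo/crypt_home_key" > "$demo/dmcrypt"
check_dmcrypt_conf "$demo/dmcrypt" "$(id -u)" && echo "OK: key files pass"
rm -rf "$demo"
```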