Hi folks.
I have recently installed Artix on my computer with full system encryption, except for my EFI partition, on which I keep a signed unified .efi image for Secure Boot. However, I cannot figure out how to automount my encrypted /home at boot time.
I'm using OpenRC and my partitioning is as follows:
sda2 -> LUKS -> lvm VG -> Swap and /
sdb1 -> LUKS -> /home
$> lsblk --fs
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
├─sda1 vfat FAT32 EFI EBCA-D9FB 341.5M 32% /efi
└─sda2 crypto_LUKS 2 e3fd3202-568a-4564-90cf-f9873b72aa97
└─crypt_system LVM2_member LVM2 001 bcMw61-BGJA-T0hh-zgUi-mbKu-SfDp-voSOpp
├─vg_system-swap swap 1 crypt_swap 945ee7c4-91fc-42f9-acac-7268381c4a5f
└─vg_system-root ext4 1.0 crypt_root 53fcfe75-075b-43ce-bdf5-f53684b618b8 155.5G 5% /
sdb
└─sdb1 crypto_LUKS 2 a3679bcd-5994-4401-b65d-1bb4754205b5
└─crypt_home ext4 1.0 crypt_home 23cecaa7-519e-4135-bc3f-d221947be1e9 658G 23% /home
The crypt_system (sda2) is mounted at boot time with the corresponding kernel parameter, which allows unlocking one partition.
I would like the sdb1 partition to be unlocked automagically with a keyfile residing in sda2.
The Artix wiki page about dm-crypt does not mention this kind of partitioning, so I looked at these pages in the Arch Wiki and Parabola Wiki. Therefore I tried to use crypttab as mentioned.
Here are my fstab and crypttab, and it is still not working. Does OpenRC use crypttab, or is there an error?
$> cat /etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/vg_system-root LABEL=crypt_root
UUID=53fcfe75-075b-43ce-bdf5-f53684b618b8 / ext4 rw,relatime 0 1
# /dev/sda1 LABEL=EFI
UUID=EBCA-D9FB /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 2
# /dev/mapper/crypt_home LABEL=crypt_home
UUID=23cecaa7-519e-4135-bc3f-d221947be1e9 /home ext4 rw,relatime 0 2
$> cat /etc/crypttab
# Configuration for encrypted block devices.
# See crypttab(5) for details.
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf).
# <name> <device> <password> <options>
crypt_home UUID=a3679bcd-5994-4401-b65d-1bb4754205b5 /root/crypt_home_key luks
# data1 /dev/sda3 /etc/mypassword2
# data2 /dev/sda5 /etc/cryptfs.key
# swap /dev/sdx4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
# vol /dev/sdb7 none
I also saw this Gentoo wiki page about disk encryption mentioning /etc/conf.d/dmcrypt and a dmcrypt service to run at boot. So I edited this file accordingly, but I do not have any "dmcrypt" service.
$> cat /etc/conf.d/dmcrypt
target='crypt_home'
source=UUID='a3679bcd-5994-4401-b65d-1bb4754205b5'
key='/root/crypt_home_key'
Also, the permissions on crypttab were as follows; is this normal?
$> ll /etc/crypttab
-rw------- 1 root root 734 Mar 1 10:53 /etc/crypttab
Has someone successfully unlocked a non-root partition at boot time with a keyfile, using OpenRC?
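The following is an added example, not code from the post above. It shows the keyfile setup a practitioner would do for the OpenRC route the post already found (/etc/conf.d/dmcrypt plus a dmcrypt service, which is the Gentoo-derived mechanism; OpenRC itself does not process /etc/crypttab, that file is read by systemd's generator). It takes the mapping name, LUKS UUID and keyfile path from the post and assumes the dmcrypt init script is installed (on Artix this is expected to come from the cryptsetup-openrc package; verify with pacman). The make_keyfile, keyfile_is_private and render_dmcrypt_conf helpers are the example's own names; apply runs the privileged cryptsetup and rc-update steps only when the script is invoked with the argument apply.

```shell
#!/bin/sh
# Added example (not from the original post): prepare a non-root LUKS volume so
# the OpenRC "dmcrypt" service unlocks it from a keyfile at boot.
# Assumptions: the keyfile lives on the already-unlocked root filesystem (as in
# the post); the dmcrypt service exists (Artix: cryptsetup-openrc, assumption);
# TARGET, SRC_UUID and KEYFILE default to the values shown in the post.
set -eu

TARGET=${TARGET:-crypt_home}                                  # mapping name from the post
SRC_UUID=${SRC_UUID:-a3679bcd-5994-4401-b65d-1bb4754205b5}    # LUKS UUID of sdb1 from the post
KEYFILE=${KEYFILE:-/root/crypt_home_key}                      # keyfile path from the post
CONF=${CONF:-/etc/conf.d/dmcrypt}

# Create a 4096-byte random keyfile with mode 0400, never clobbering an existing one.
make_keyfile() {
    path=$1
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing keyfile: $path" >&2
        return 1
    fi
    ( umask 077 && head -c 4096 /dev/urandom > "$path" )
    chmod 0400 "$path"
}

# Succeed only if the keyfile is a regular file with no group/other permission bits
# (root ownership is checked separately, since this helper also runs unprivileged).
keyfile_is_private() {
    path=$1
    [ -f "$path" ] || return 1
    mode=$(stat -c %a "$path")
    case $mode in
        *00) return 0 ;;
        *)   echo "keyfile $path has mode $mode; expected 0400 or 0600" >&2; return 1 ;;
    esac
}

# Render the /etc/conf.d/dmcrypt stanza in the form the post uses: one
# target=/source=/key= triple per volume; the init script sources it as shell.
render_dmcrypt_conf() {
    printf "target='%s'\n" "$TARGET"
    printf "source=UUID='%s'\n" "$SRC_UUID"
    printf "key='%s'\n" "$KEYFILE"
}

# Privileged steps: run as root via "sh thisscript apply".
apply() {
    make_keyfile "$KEYFILE"
    keyfile_is_private "$KEYFILE"
    dev=/dev/disk/by-uuid/$SRC_UUID
    # Enrol the keyfile in a free LUKS key slot (prompts for an existing passphrase).
    cryptsetup luksAddKey "$dev" "$KEYFILE"
    # Prove the new slot opens the volume, without leaving a mapping behind.
    cryptsetup open --test-passphrase --key-file "$KEYFILE" "$dev"
    # Replace the conf.d file and enable the service in the boot runlevel so the
    # mapping exists before localmount mounts /home from fstab.
    render_dmcrypt_conf > "$CONF"
    rc-update add dmcrypt boot
}

if [ "${1:-}" = apply ]; then
    apply
fi
```

Note that apply overwrites /etc/conf.d/dmcrypt with a single stanza; append instead if other volumes are already listed there. The security of /home with this setup is exactly that of the root volume's passphrase: the keyfile is only readable after sda2 is unlocked, and the 0400 root-only mode plus the existing-file check are what keep it from leaking to other local users.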