Skip to main content
Topic: How to mount drives on boot with /etc/conf.d/dmcrypt (Read 777 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

How to mount drives on boot with /etc/conf.d/dmcrypt

Hi,

I'm using artix with openrc and wanted to know how I mount a drive encrypted with veracrypt + keyfile when the system boots? I've found in this thread that /etc/crypttab no longer works when using openrc and instead you need to use the /etc/conf.d/dmcrypt file. https://forum.artixlinux.org/index.php/topic,3008.0.html

I wanted to know what syntax I need to use to mount the veracrypt partition on boot? Is this possible? I know its possible to open veracrypt volumes with cryptsetup although what syntax would I need in the /etc/conf.d/dmcrypt file?

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #1
Have you installed
  • cryptsetup
  • cryptsetup-openrc?
That file should already be there, with included comments explaining how to set it up.

This information can be gained by running pkgfile(1):
Code: [Select]
$ pkgfile /etc/conf.d/dmcrypt
system/cryptsetup-openrc

On a side note, 66 supports /etc/crypttab through a variable in boot@system service configuration.

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #2
man cryptsetup gives me information on the cryptsetup command although nothing about how to use the /etc/conf.d/dmcrypt file.

From what I've read elsewhere on the internet, we need something like as follows:
target=data
source=PARTUUID=PARTUUID
key=/boot/keyfile.bin

I don't know how you tell /etc/conf.d/dmcrypt that it is a veracrypt partition though. Is this possible?

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #4
man veracrypt and man veracrypt-openrc doesn't give any man pages. I've run mandb as well.

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #5
veracrypt is a GUI program, just like its Windows version. The other package contains the associated service.

Personally, I've never used it, so I can't give any further details. Refer to its documentation.

Artix has a LUKS tutorial page in the wiki.

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #6
I was missing the package cryptsetup-openrc. I have installed it now and in the /etc/conf.d/dmcrypt.pacnew file there is instructions on how to configure it. I presume my configuration would need to be as follows:

So in my /etc/conf.d/dmcrypt file, I now have
# Internal data partition
target=internaldata
source=PARTUUID=PARTUUID
options='tcrypt,tcrypt-keyfile=/boot/keyfile.bin,tcrypt-veracrypt'

And then I run sudo rc-update add dmcrypt boot

I've also added it to /etc/fstab with the following:
# /mnt/veracrypt1
UUID=UUID                                  /mnt/veracrypt1 exfat           defaults 0 0

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #7
In this case, you would probably need to explicitly add the /boot/keyfile.bin file to the FILES section of /etc/mkinitcpio.conf.
 

Re: How to mount drives on boot with /etc/conf.d/dmcrypt

Reply #8
Hi,

I gave up on using the /etc/conf.d/dmcrypt to do this. I noticed when using this process, it invokes the cryptsetup create command instead of the cryptsetup luksOpen or cryptsetup tcryptOpen command and I'm not sure how to change this.

I found a workaround though; the workaround was to add /etc/keyfile.bin to the FILES section of mkinitcpio.conf and then write a mkinitcpio hook to decrypt the drive on boot using the code
#!/usr/bin/ash

run_hook(){
modprobe -a -q dm-crypt >/dev/null 2>&1
modprobe loop
cryptsetup open /dev/disk/by-partuuid/### -type tcrypt --key-file /etc/keyfile.bin internaldisk


And then in my /etc/fstab file I have:
# /media/internaldata
/dev/mapper/internaldisk                        /media/internaldisk             exfat           defaults,uid=1000,gid=1000,dmask=007,fmask=117 0 2