[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: system startup + cryptsetup

Gabor Walter wrote:

I want to encrypt my entire /home directory which is on a separate
partition. I used cryptsetup which is available in FC5. I successfully
created the encrypted partition and I also found a script at
http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen which I would like
to incorporate into my startup. The question is, where exactly?
Should I (can I) modify rc.sysinit?
Or should I just put it into rc.local?
This is what I tried, but then I keep getting a message that /home needs a
file system check and is corrupt (this sounds logical, because at this point
the partition is neither opened nor mounted).
So it looks to me like a real catch-22.
TIA for any suggestions.

Gabor Walter

I'm not on FC5 yet, so take the following with a grain of salt, in case FC5 includes the HAL modifications that have been discussed elsewhere. From the error message you are getting, which is presumably the result of FC5 attempting to auto mount the partition and not recognizing it as being encrypted, I presume not.

If not, then you need to modify /etc/fstab so that the mounting information for /home is properly mapped to the new device and does not auto mount the /home partition before it is opened with the passphrase.

Remove or comment out any existing line in /etc/fstab referring to /home. Then add something like the following line:

  /dev/mapper/hdc5    /home         ext3    noauto   0 0

This maps /home to the proper encrypted device, in my case hdc5. It sets 'noauto' so that the partition is not auto mounted at boot. You may or may not need to add either 'user' or 'users' to the options (noauto) field, depending upon the user restrictions you want on mounting the partition. Also, change the file system type as may be appropriate, if you are not using ext3. See 'man mount' for more info.

As with Reinhard, I also added the luksopen script to rc.local and the system prompts me for the passphrase on boot.


Marc Schwartz

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]