Mount LUKS encrypted device automatically

kwyrky
Level 2
Posts: 57
Joined: Wed Jul 10, 2019 5:10 am

Mount LUKS encrypted device automatically

Post by kwyrky » Sat Aug 17, 2019 2:58 am

Hi, I am trying to get a LUKS encrypted USB drive automatically unlocked and mounted whenever it is plugged in.

I tried to set it up using udev rules and the fstab file, but it is not working.

I tried it like this:

I created a keyfile, which I added to the keys of the encrypted USB device:

Code:

mkdir keyfiles; cd keyfiles
dd if=/dev/random of=backup-hdd bs=256 count=1
cryptsetup luksAddKey /dev/sdb1 ~/keyfiles/backup-hdd

so that it can be unlocked now with the initial passphrase or the keyfile.

I added to my fstab the following line

Code:

/dev/mapper/backup-crypt /mnt/backup ext4 defaults,user,users 0 0

I got the serial number of the encrypted USB drive with

Code:

udevadm info -a -p $(udevadm info -q path -n /dev/sdb) | grep serial

which will actually output two numbers. The output is similar to

Code:

ATTRS{serial}=="66623425ABCDEF"
ATTRS{serial}=="0000:00:27.0"

Here the first serial is the one that should be used, as the second one is an internal serial number.

and I added the following udev rules

Code:

##################################################################################
# rule 1: decrypt the disk once it gets plugged in
##################################################################################

# matches partitions (there is precisely one) of block devices with the serial
# number of my backup external hard disk

ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ATTRS{serial}=="66623425ABCDEF", \
RUN+="/sbin/cryptsetup --key-file /home/<user>/keyfiles/backup-hdd luksOpen $env{DEVNAME} backup-crypt"

##################################################################################
# rule 2: as soon as the crypt container is opened, mount the filesystem inside it
##################################################################################

# we (also) match on change because the device name is known only after some time
ACTION=="add|change", SUBSYSTEM=="block", ENV{DM_NAME}=="backup-crypt", \
RUN+="/bin/mount /dev/mapper/$env{DM_NAME}"

to a new file

Code:

/etc/udev/rules.d/85-usb-backup-hdd.rules

The idea is that the udev rule applies whenever the USB drive is plugged in, and the fstab entry should provide the information where to mount the file system after the drive gets unlocked.

The entry in the fstab is actually not working well: with the entry the system fails to boot and I have to replace the fstab file with a backup file which does not have this entry. I read the documentation on fstab but I don't fully understand the last parameters, or whether it would help to change the sixth parameter to a 1 or 2.

Any tips on how to get this working?
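
Added example, not part of the original post: on a systemd-based system, an fstab entry that has neither noauto nor nofail makes boot depend on the device being present, and the sixth field only sets the fsck order. The shell check below applies that to the entry from the post; has_opt and lint_fstab are hypothetical helper names and the sample lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. fstab fields:
#   1 device  2 mount point  3 fs type  4 options  5 dump flag
#   6 fsck pass (0 = never check, 1 = root fs, 2 = other filesystems)

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_fstab FILE MAPPING (hypothetical helper): inspect the entry for
# /dev/mapper/MAPPING, a device that exists only after a hot-plug unlock.
# Fails when the entry would make boot depend on the device being present.
lint_fstab() {
    blocking=0
    while read -r dev mnt fstype opts dump pass rest; do
        [ "$dev" = "/dev/mapper/$2" ] || continue
        if ! has_opt "$opts" noauto && ! has_opt "$opts" nofail; then
            echo "$dev: neither noauto nor nofail, so boot requires this mount"
            blocking=1
        fi
        if [ "${pass:-0}" != 0 ]; then
            echo "$dev: fsck pass $pass only schedules a check, it does not make the mount optional"
        fi
    done < "$1"
    [ "$blocking" -eq 0 ]
}

# Constructed sample: the entry from the post, then the same entry with noauto.
sample=$(mktemp)
echo '/dev/mapper/backup-crypt /mnt/backup ext4 defaults,user,users 0 0' > "$sample"
lint_fstab "$sample" backup-crypt || echo "result: entry blocks boot"
echo '/dev/mapper/backup-crypt /mnt/backup ext4 noauto,user,users 0 0' > "$sample"
lint_fstab "$sample" backup-crypt && echo "result: entry is safe at boot"
rm -f "$sample"
```

With noauto the entry is skipped at boot but still tells the mount command in the second udev rule where the filesystem belongs.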

WharfRat
Level 21
Posts: 13142
Joined: Thu Apr 07, 2011 8:15 pm

Re: Mount LUKS encrypted device automatically

Post by WharfRat » Sat Aug 17, 2019 9:27 am

kwyrky,

It was a good move to start a new topic for the udev rule.

I've searched my old posts and found some udev-related topics from years ago that might be of some help:

viewtopic.php?f=90&t=174304&p=898118&hi ... on#p898118

viewtopic.php?f=90&t=173681&p=894689&hi ... on#p894689

viewtopic.php?f=90&t=166916&p=858705&hi ... on#p858705

Good luck :wink:

kwyrky
Level 2
Posts: 57
Joined: Wed Jul 10, 2019 5:10 am

Re: Mount LUKS encrypted device automatically

Post by kwyrky » Tue Aug 20, 2019 11:35 am

I got it working by setting up a udev rule. The drive automatically gets unlocked, but after it is unlocked the partition gets automatically mounted. And after that step my second udev rule, which should mount the partition itself, is not working, I guess because the partition is automatically locked. Also, if I eject the partition it looks good, because it asks for the sudo password to be able to lock the drive again. But the second time the drive is no longer available as /dev/sdb but as /dev/sdc, and it seems like something is not working correctly or something is still blocking... I don't know what to do now. The commands I use should be fine, because when I run the commands the drive is unlocked and the partition mounted, or after that, with another command, unmounted and locked...

Not sure how to get it to work fully automatically the second time the drive is plugged in. The first time works.

Any ideas what may be wrong or what should I look for to find out what is going wrong?
