[SOLVED] mounting a plain dm-crypt encrypted partition

Similar Messages

• Additional, encrypted partition mounted as /Users

  Recently I removed DVD-ROM drive from my MacBook Pro and installed 60GB SSD for system (in regular HDD bay) and my old HDD instead of DVD drive.
  My plan is to use fast SSD drive for system and the HDD for data.
  I would like to have my HDD partition mounted as /Users so all users' home directories are stored on HDD.
  I read this article: http://www.red-sweater.com/blog/1935/lions-whole-disk-encryption but it seams there is a problem with logging in if the user's home directory resides on separate encrypted partition.
  My question is:
  Is there any chance I can have "fully functional" /Users directory mounted as additional encrypted partition?
  Thanks,
  Mike

  Hi Linc,
  Thanks for your answer.
  No, because the Users volume would already have to be unlocked and mounted before you could log in, and that's impossible.
  I don't think it is impossible. I would reather say: "Apple makes it difficult to do".
  I barely see any problem with mounting other partitions on the system level during boot.
  The question is: "How hard is it to do that now?"
  The second question is: "When (and how) Apple will make it easier?"
  The best you could do would be to log in, mount the volume as root at /Users, then log out and log in again. I wouldn't recommend that you try this.
  Yeah... I don't feel like log in two times. I wouldn't recommend it either.
  I have another idea which is:
  1. Mount addtitional encrypted partition as /Volumes/Whatever
  2. Create directories like:
  /Volumes/Whatever/Documents
  /Volumes/Whatever/Pictures
  /Volumes/Whatever/Music
  /Volumes/Whatever/Library
  3. Mount these directories in places under /Users/MyUser/... during login.
  So there are other questions:
  1. How to do it the "Mac way"?
  2. There are maybe some directories which probably can not be mounted this way as its content can be necessary for login process to perform (probably some subdirectories of Library). Is it the case?
  Cheers,
  Mike

• [Solved] Clone existing arch system onto dm-crypt encrypted volume

  Hi all,
  I've been playing around with full disk encryption using dm-crypt and luks, and have it working pretty well on a spare harddrive. I don't want to go through the process of re-customizing a full install again, so I was wondering if it's possible to clone my / partition from my current install to an encrypted disk?
  My end goal is to have my /boot partition on a USB thumb drive and a giant encrypted volume for the rest of the / partition (including /home).
  My current drive has a / partition and a separate /home partition.
  I'm imagining something like this:
  Set up the whole new drive as an encrypted volume, unlock it with cryptsetup and map it to /dev/mapper/root
  dd if=/dev/myOldDisk/rootPartition of=/dev/mapper/root
  delete the encrypted /boot (it came over from OldDisk but I don't want it on the new encrypted disk).
  Copy files from old home to encrypted disk's /home folder.
  Would that work? Or am I better off just copying files over from my old / folder rather than using dd?
  I appreciate any input you've got!
  -Lefty
  Last edited by LeftyAce (2014-01-06 22:41:14)

  LeftyAce wrote:Set up the whole new drive as an encrypted volume, unlock it with cryptsetup and map it to /dev/mapper/root
  dd if=/dev/myOldDisk/rootPartition of=/dev/mapper/root
  +1 to dodo3773's suggestion to use rsync, the above dd would create garbage anyway. You could dd an encrypted partition to another empty one (on the new drive), but creating and mapping a new encrypted volume first will result in a fresh encryption key. The garbage occurs since your command clones encrypted bytes incl. the old encryption header to a transparent (non-encrypted) mapper. A bit more info here.

• Link to a file in encrypted partition

  Hi all,
  I have an encrypted partition with some files I use regularly.  If I mount the partition, I can make a shortcut to files by dragging them onto the dock.  If I click the icon on the dock, and the encrypted partion is not mounted, I get prompted for the password and the partion mounts and the file opens.
  I'd like to put several of these shortcuts in a single folder on my dock.  Just dragging and dropping does nothing.  Any thoughts?

  So I solved this by having an applescipt call a bash script.  Kind of a silly round-about way to do it, but it works.

• Gummiboot and encrypted / partition

  Hi,
  This is my first experience with Arch, with GPT, with LUKS, and with gummiboot, so I have a lot of sources of ignorance. 
  I am trying to set up a LUKS-encrypted system with encrypted swap.  I have followed the beginner's guide and the dm-crypt with LUKS guide pretty carefully and have no problem creating the encrypted partitions.  However, I don't quite understand how to construct the gummiboot entry for booting into the system. 
  the gummiboot wiki page has some instructions:
  An example entry for encrypted root (dm-crypt with LUKS)
  $esp/loader/entries/arch-encrypted.conf
  title          Arch Linux (Encrypted)
  linux          \\path\\to\\vmlinuz-linux
  options        initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  In the encrypted example, not that the initrd is in options -- this does not appear to be discretionary at this time. Note that UUID is used for in this example. PARTUUID should be able to replace the UUID, if so desired.
  much of this is foreign to me.  In particular, how do I identify the various UUID's:
  cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID>
  are those all the same UUID?  Or is there a difference between the plain  UUID and the luks-UUID?  And how do I get either of those pieces of information? 
  also, I am trying to speed things up a little by using this install script from the web:
  https://github.com/altercation/archston … chstone.sh
  however, a bunch of stuff there seems like it's out of date (lots of referenes to rc.conf, for instance!). 
  I'm wondering if there are other inconsistenies as well I should be careful of. 
  Thanks,
  Matt

  yes, this random script was a bad idea and I've stopped using it.  That said, I really don't understand the UUID stuff in my initial question, despite having gone through the beginner's guide & stuff.  In fact, the whole gummiboot stanza is odd to me: 
  An example entry for encrypted root (dm-crypt with LUKS)
  $esp/loader/entries/arch-encrypted.conf
  title          Arch Linux (Encrypted)
  linux          \\path\\to\\vmlinuz-linux
  options        initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  what is with the escaped windows-looking  backslashes -- shouldn't this read more like:
  title          Arch Linux (Encrypted)
  linux          /vmlinuz-linux
  options        initrd=/initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  ... and is there a way to find the relevant UUID's somewhere?  Thanks,
  Matt

• Encrypted partition

  hi
  i have an encrypted partition use by suse
  is there a way to use it with arch linux?
  thanks

  Generally you would use the same method you (or suse) uses to mount and unlock the encrypted partition.
  If you use Luks for the encryption with dm_crypt you could simply run:
  cryptsetup luksOpen /dev/hdaX name_of_partition
  mount /dev/mapper/name_of_partition /partition_mountpoint
  To do all of this atomatically you would need to edit /mnt/etc/crypttab and enter the needed information.
  Here are two wiki entries concerning LUKS with Arch, they do not directly relate to what you need but you could use some pieces of it.
  LUKS Encrypted Root
  RAID Encryption LVM
  Most of the above is only valid when you're using LUKS I suppose. I also can't say anything about other methods because I never used them.

• Does Time Machine still ignore mounted disk images? Specifically, encrypted sparse bundle disk images?

  My Time Machine backs up to Time Capsule which cannot be encrypted. I also have confidential data in an encrypted sparse bundle disk image in my home folder. When TM backs up and the encrypted sparse bundle disk image is mounted and I'm accessing the data, does TM back up the data "in the clear" decrypted form or does it exclude the disk image because it's mounted? I've done a little research, but there's conflicting information. Not sure what happens in Lion now...

  Time Machine does not backup mounted disk images! The encrypted sparse bundle disk image was mounted, I updated a doc and did a TM backup - the file was not listed in the TM repository and the doc remained unchanged in the encrypted sparse bundle disk image on TM. Then I ejected the disk image and did a TM backup - the updated doc was backed up in the encrypted sparse bundle disk image! Thank you!

• OpenSUSE - Arch switch: encrypted partitions, keeping /home and other

  Hello,
  I am considering switching from openSUSE to Arch -- I want to gain performance, avoid releases and try something new -- but have some doubts/questions. I would appreciate if you could help me a bit with resolving them :)
  i. From what I see on the fora some of you are (ex) SUSE users so... will I miss anything?
  ii. Should I expect any problems in general?
     a) I am using nVidia proprietary drivers and, despite all downsides, would like to keep doing so. Are there any problems regarding installation or keeping them up to date?
     b) Is it possible to use s2ram and s2disk or obtain working counterpart(s), as, I hear, there are some problems with those?
     c) Is it possible to install software from debs and/or rpms? Possibly without extracting and moving files manually?
     d) Is it safe to assume that hardware and all applications not specific to any distribution will work just as well as they do on SUSE? I know, Linux is Linux but still.
  /edit:   e) Does getting fonts to be displayed properly takes a lot of tweaking? This problem does not exist on SUSE but on other distros it used to be a pain.
  iii. I have SUSE installed on encrypted partitions (with luks and /dev/mapper so it's pretty similar to setup recommended for Arch in that matter) and would like to avoid reencrypting as well as keep /home untouched. Is it possible and not too complicated?
  (I have seen http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root, http://wiki.archlinux.org/index.php/Off … tall_Guide and http://wiki.archlinux.org/index.php/Ins … ing_Linux)
  Any additional information and comments are welcome.
  Last edited by skx (2009-02-16 15:36:33)

  quarkup wrote:ii)
  a) No problemo. I use nVidia drivers too for my 6800go, with no issues.
  Inxsible wrote:ii c) [....] I think there are packages in AUR, which can help you convert them to an Arch PKGBUILD and then install them.
  Thanks.
  bgc1954 wrote:i)
  Well, if you used suse for any length of time, you might miss the incredible slowness of yast as compared to pacman. :D
  YaST is not that slow anymore ;)
  What about the encryption part? That's the one that makes me anxious.
  Last edited by skx (2009-02-16 15:50:58)

• [SOLVED] /mnt and /mnt/boot on seperate partitions?

  I'd like to keep /mnt/boot on my ssd, and keep /mnt on my hdd. I know it's possible to keep /mnt on one partition, and /mnt/home on another, because I've done it on another computer. When I tried to do this new setup, pacstrap failed to install.
  Here's what I did
  mkdir /mnt/boot
  mount /dev/sda7 /mnt/boot #a logical partition on my ssd
  mount /dev/sdb3 /mnt #a large partition on my hdd
  Any suggestions?
  Last edited by cu3ba11 (2013-11-02 21:03:05)

  The mount point for / during installation is arbitrary. What you need to be asking is "Can / and /boot be on separate partitions?" And the answer is yes.
  However, the real problem is that you created and mounted /mnt/boot before mounting /mnt. This is pretty basic stuff, so I suggest you try to figure out why that can't work.
  Last edited by alphaniner (2013-11-01 21:01:31)

• [Solved]Mount windows encrypted partition

  Hi,
  I have encrypted the Windows 7 system partition fully using truecrypt. In Linux when i try to mount that partition [/dev/sda1] it says "incorrect password of not a truecrypt partition". I am entering the same password which I use while booting into Windows, that is pre-boot password.:/
  Last edited by sHyLoCk (2010-06-15 14:12:53)

  Do you use the same truecrypt version on windows and linux? also to be able to mount encrypted systems you have to activate a separate checkbox telling that the partition is using system encryption in truecrypts mount dialog (don't know where exactly it is since I didn't use truecrypt in a while), otherwise it will show the error you mentioned.

• [Solved] Mount LUKS encrypted hard drive at boot

  Hi,
  This is driving me nuts. I'm getting angry to be honest.
  I encrypted my brand new WD portable hard drive with LUKS + dm-crypt and I can now normally map and mount it with the following commands:
  sudo cryptsetup luksOpen /dev/sdc1 WesternDigital
  [Enter Passphrase]
  sudo mount /dev/mapper/WesternDigital /media/WesternDigital
  I would like to map and mount it at boot time (where I should be prompted for the passphrase), so I edited:
  /etc/crypttab
  WesternDigital /dev/sdc1 none luks
  and:
  /etc/fstab
  /dev/mapper/WesternDigital /media/WesternDigital ext4 defaults,noauto,noatime 0 0
  During boot I get some errors regarding the decrypting or mapping of WesternDigital that fails but it's too fast to note down something (and, as you probably know, there's no known way to log boot messages on Arch...)
  After boot if I try to manually mount /media/WesternDigital I get a message saying /dev/mapper/WesternDigital does not exist.
  So I guess the problem is in the mapping phase and thus in the /etc/crypttab file.
  I can't find anything in the internet but maybe I'm missing something very basic (a daemon, a module?).
  Any help is indeed very appreciated, thank you.
  Last edited by rent0n (2010-09-24 15:27:16)

  Ok, it's solved. I tried many different configurations of /etc/crypttab, /etc/fstab, /etc/mkinitcpio.conf /etc/rc.conf /boot/grub/menu.lst and I finally found the right setup.
  I'm not sure of what was wrong in the first place so I'll just post my current working configs for future reference.
  /boot/grub/menu.lst
  Doesn't need to be edited at all (ignore the above post).
  /etc/rc.conf
  You don't need to add any module here because the dm-crypt and dm-mod modules are loaded thanks to the encrypt hook.
  /etc/mkinitcpio.conf
  The HOOKS line should include usb, usbinput (probably) and encrypt. usb must precede encrypt that must precede filesystems:
  HOOKS="base udev autodetect pata scsi sata usb usbinput keymap encrypt filesystems resume"
  /etc/crypttab
  WesternDigital /dev/sdX ASK
  Do not insert 'luks', 'retry=X' or other kind of options (you can find this kind of options in many tutorials and howtos). That was one of my problems I guess.
  /etc/fstab
  /dev/mapper/WesternDigital /media/WesternDigital auto defaults,noatime 0 0
  Note
  I'm not sure if this has been helpful or not... however I was able to get it to work after following the advice found here.
  Cheers,

• [SOLVED] Running Systemd service on login (encrypted home partition)

  Hi,
  I have a dm-crypt/LUKS encrypted home partition that's mounted via PAM on login. I'm trying to use a systemd service (profile-sync-daemon), but the service tries to start and access the home partition before the partition is mounted. The service does seem to start successfully, but it doesn't gain access to necessary files on the home partition and malfunctions later on. Is there a sane hack to somehow delay the start of the service until the relevant partition gets mounted (basically after login)? Manually starting the service after login works just as intended in this case - I'm just looking for a way to automate this process.
  I have an idea of starting the service via Openbox autostart, but I've currently failed in my attempts.
  Last edited by ggg377 (2015-05-28 18:31:10)

  Things got quite complicated and hacky as I researched this so I went out of the box a bit (or took the easy way out, whichever you prefer) and reinstalled Arch with a full disk encryption. All is fine now and I also expect to see less problems overall in the future. If anyone wants to continue researching this it would probably be a good idea to start a new thread.

• [Solved] Mounting Partitions from Beginners Guide

  Hi everyone. I've setup Arch before, but I see that the installer has been removed. I had a question on some of the documentation from the Beginners Guide...
  From the section "Prepare the storage drive" it states to setup the partitions like so:
  Name Flags Part Type FS Type [Label] Size (MB)
  sda1 Boot Primary Linux 15440
  sda2 Primary Linux swap / Solaris 1024
  sda3 Primary Linux 133000*
  In the section below it ("Mount the partitions ") it explains to "mount any other separate partition" like so:
  # mkdir /mnt/home
  # mount /dev/sda4 /mnt/home
  # mkdir /mnt/boot
  # mount /dev/sda1 /mnt/boot
  However, I set my partitions up just how it was above, when I put in the syntax "mount /dev/sda4 /mnt/home" I receive an error that sda4 doesn't exist. Using my best judgement I put in "mount /dev/sda3 /mnt/home" as I set my partitions exactly the way from the storage drive section (minus some storage space for sda3). I'd just like to be sure that I set this up right and not doing anything extremely wrong. For some reason, Arch won't boot after I have the system setup in virtualbox, and I'm trying to narrow down the issue.
  Thanks.
  Last edited by Quill (2012-09-01 04:16:22)

  Trilby wrote:
  It says to do that if you have any additional partitions.  You do not.
  Sda3 should not be mounted as home, it should be your root partition right?  You should have already done
  mount /dev/sda3 /mnt
  You should not remount sda3 as something else (in fact I suspect it should give an error).
  That partition scheme does not have a separate home parition.
  Cool, thanks for the info. Yeah, sda3 is set as my root partition. It's solved.

• How to mount encrypted partition

  I have Archlinux installed in dual boot with Ubuntu. My home partition on Ubuntu is encrypted with ecrypt. I would like to have this partition mounted on boot at Archlinux too. Does anyone can help me how to do that?
  Thanks a lot.

  https://wiki.archlinux.org/index.php/Sy … h_eCryptfs
  Please search the wiki before asking for help here.

• [SOLVED] Mounting a logical partition

  Scenario:
  /dev/sda1 primary NTFS windows boot
  /dev/sda2 primary NTFS windows home
  /dev/sda3 primary ext4 arch /boot
  /dev/sda5 primary ext4 arch /
  /dev/sda6 logical ext4 arch /home
  /dev/sda7 arch swap
  Do I perform mount /dev/sda6 /mnt/home as if it were a "normal" partition?
  EDIT: I would mount each logical partition as normal.
  Last edited by tancrackers (2012-08-29 03:34:46)

  shortcut144 wrote:
  perbh wrote:
  Assume your fat-partition is /dev/sda5 (just as an example)
  sudo mount -t vfat /dev/sda5 /some/mount/point
  Otherwise - as 's3kt0r' says - you can easily mount a ntfs-partition for read/write as well (using ntfs-3g)
  Awesome, thank you.  Marked as solved.
  Should I put this command in my fstab, or just make a startup command for this?
  You could do either ....
  If it will _always_ be there and you always want it mounted - put it in /etc/fstab, -or- you could put it in /etc/rc.local (without using 'sudo' of course).
  I'm a great believer in using rc.local because you _know_ that everything which might be needed (modules eg.) will be available by then.
  If you use /etc/fstab, your entry would be:
  /dev/sda5 /mount/point vfat defaults 0 0