Hello,
I'm currently on Debian Sid. I decided to convert my /home (who is on dedicaded hdd) to luks2 without formatting (with cryptsetup-reencrypt --new).
So that's what i've do in order :
Boot into Debian Live
Then type the command>
- e2fsck -f /dev/sdc3
- resize2fs -M /dev/sdc3
- cryptsetup-reencrypt --verbose --debug --new --reduce-device-size=64M --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --type=luks2 --pbkdf=argon2id --pbkdf-force-iterations=50000 --pbkdf-memory=1048576 --pbkdf-parallel=4 --use-random /dev/sdc3
- cryptsetup luksOpen /dev/sdc3 home-encrypted
- resize2fs /dev/mapper/home-encrypted
- mount /dev/mapper/home-encrypted /mnt/home-encrypted
Then i checked that everything is fine on the partition, that the case.
Getting the uuid :
lsblk -o name,uuid,mountpoint
NAME UUID MOUNTPOINT
sda
├─sda1 da13dd96-8f92-4f4c-8a47-2fc611656194 /
└─sda6 38d301c1-4164-4349-a130-b769d49d274a [SWAP]
sdb
└─sdb1 2aa2ca11-f123-47ad-90cb-ed0f631ab251 /home/unknown/Temporaire
sde 2019-11-16-10-31-18-00
├─sde1 2019-11-16-10-31-18-00
└─sde2 DEB0-0001
sdh
└─sdh3 2d82b084-e9c2-497b-a285-63203860b148
└─home-encrypted 0d248680-8417-4f9e-9d9b-8218d90be52f /home
sdi
└─sdi1 04eb6f31-8725-4f02-a20b-603a1235e0e7 /mnt/USB_BACKUP
sda1 is the root filesystem, sda6 is the swap, sdb1 is for temporary, sdeX is just my card reader, sdh3 is my home, and sdi1 is my usb backup.
Now i have to modify fstab/crypttab, so i added into :
fstab>
UUID=0d248680-8417-4f9e-9d9b-8218d90be52f /home ext4 defaults,errors=remount-ro 0 1
crypttab :
home-encrypted UUID=0d248680-8417-4f9e-9d9b-8218d90be52f none luks
Now updating initramfs :
- mount /dev/sda1 /mnt/sda1
- mount --bind /dev /mnt/sda1/dev
- mount --bind /dev/pts /mnt/sda1/dev/pts
- mount --bind /proc /mnt/sda1/proc
- mount --bind /sys /mnt/sda1/sys
- chroot /mnt/sda1
- update-initramfs -u -k all
The problem is when i restart the computer, it always launch a fsck on home-encrypted.
I tried a e2fsck -f /dev/mapper/home-encrypted to check if there is problem, nothing
Then, after the fsck, later on boot, i have this error :
DEPEND^[[0m] Dependency failed for ^[[0;1;39mCryp…aphy Setup for home-encrypted^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39mLocal Encrypted Volumes^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39m/dev/mapper/home-encrypted^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39m/home^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39mLocal File Systems^[[0m.
And after that debian boot in rescue mode. Never asked for password of home partition.
So far, my workaround is to boot without "/dev/mapper/home-encrypted" into fstab, go into first TTY, and type :
- cryptsetup luksOpen /dev/sdc3 home-encrypted
- mount /dev/mapper/home-encrypted /home
And i go back into ctrl+alt+F7, and loggin is fine...
I tried to do a "update-initramfs -u -k all" into my real system (thinking my chroot have failed), but the result is exactly the same.
Sorry for the long text, but i prefer giving all the info directly. Thanks by advance
[SOLVED] Luks encrypted partition fail to mount on boot
-
- Posts: 14
- Joined: 2020-02-06 12:55
[SOLVED] Luks encrypted partition fail to mount on boot
Last edited by SkilleR666 on 2020-02-07 05:11, edited 1 time in total.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 133 times
Re: Luks encrypted partition fail to mount on boot
You do not need to use the filesystem UUID in fstab, you can use the device-mapper name /dev/mapper/home-encrypted instead.SkilleR666 wrote:fstab>UUID=0d248680-8417-4f9e-9d9b-8218d90be52f /home ext4 defaults,errors=remount-ro 0 1
Not good. crypttab must use the LUKS container (sdc3/sdh3) UUID, not the filesystem UUID.SkilleR666 wrote:crypttab :home-encrypted UUID=0d248680-8417-4f9e-9d9b-8218d90be52f none luks
Surprising, because at this time the volume is not available yet.SkilleR666 wrote:The problem is when i restart the computer, it always launch a fsck on home-encrypted.
Pointless. This encrypted volume is not opened by the initramfs. Only /, /usr, hibernation swap and volumes with the option "initramfs" in crypttab are.SkilleR666 wrote:Now updating initramfs
-
- Posts: 14
- Joined: 2020-02-06 12:55
Re: Luks encrypted partition fail to mount on boot
Hi p.H,
Thanks for all this information, that was very helpeful and informative
Problem solved !
Thanks for all this information, that was very helpeful and informative
Problem solved !