system startup + cryptsetup

Marc Schwartz MSchwartz at mn.rr.com
Mon Mar 27 14:15:56 UTC 2006


Gabor Walter wrote:
> Hi,
> 
> I want to encrypt my entire /home directory which is on a separate
> partition. I used cryptsetup which is available in FC5. I successfully
> created the encrypted partition and I also found a script at
> http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen which I would like
> to incorporate into my startup. The question is, where exactly?
> Should I (can I) modify rc.sysinit?
> Or should I just put it into rc.local?
> This is what I tried, but then I keep getting a message that /home needs a
> file system check and is corrupt (this sounds logical, because at this point
> the partition is neither opened nor mounted).
> So it looks to me like a real catch-22.
> TIA for any suggestions.
> 
> Gabor Walter
> Hungary

I'm not on FC5 yet, so take the following with a grain of salt, in case 
FC5 includes the HAL modifications that have been discussed elsewhere. 
From the error message you are getting, which is presumably the result 
of FC5 attempting to auto mount the partition and not recognizing it as 
being encrypted, I presume not.

If not, then you need to modify /etc/fstab so that the mounting 
information for /home is properly mapped to the new device and does not 
auto mount the /home partition before it is opened with the passphrase.

Remove or comment out any existing line in /etc/fstab referring to 
/home. Then add something like the following line:

   /dev/mapper/hdc5    /home         ext3    noauto   0 0

This maps /home to the proper encrypted device, in my case hdc5. It sets 
'noauto' so that the partition is not auto mounted at boot. You may or 
may not need to add either 'user' or 'users' to the options (noauto) 
field, depending upon the user restrictions you want on mounting the 
partition. Also, change the file system type as may be appropriate, if 
you are not using ext3. See 'man mount' for more info.

As with Reinhard, I also added the luksopen script to rc.local and the 
system prompts me for the passphrase on boot.

HTH,

Marc Schwartz
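
A way to check the /home entry before rebooting, as an added example that is not part of the original post. The function name check_home_fstab and the sample entries are assumptions; it tests the three properties of the fstab line shown above (device under /dev/mapper, 'noauto' set, fsck pass field 0).

```shell
#!/bin/sh
# Added example (not from the original post): audit the /home entry of an
# fstab. Reads the files given as arguments, or stdin when none are given.
# Returns 0 if every active /home line is safe to process before the
# encrypted volume has been opened, 1 if a line is unsafe, 2 if none exists.
check_home_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        $2 != "/home"        { next }     # only the /home mount point
        {
            found = 1
            noauto = 0
            n = split($4, opts, ",")      # options field, e.g. noauto,user
            for (i = 1; i <= n; i++) if (opts[i] == "noauto") noauto = 1
            if ($1 !~ /^\/dev\/mapper\//) {
                print "FAIL: " $1 " is not a /dev/mapper device"; bad = 1
            }
            if (!noauto) {
                print "FAIL: noauto missing, boot will try to mount " $1; bad = 1
            }
            if (NF >= 6 && $6 != 0) {     # sixth field: fsck pass number
                print "FAIL: fsck pass " $6 ", boot-time fsck will check " $1; bad = 1
            }
        }
        END {
            if (!found) { print "FAIL: no active /home entry"; exit 2 }
            if (bad) exit 1
            print "OK: /home is mapped, noauto, and skipped by boot-time fsck"
        }
    ' "$@"
}

# Constructed sample: the old entry commented out, the mapped line added.
check_home_fstab <<'EOF'
# /dev/hdc5         /home   ext3   defaults 1 2
/dev/mapper/hdc5    /home   ext3   noauto   0 0
EOF
```

Run it against the real file with `check_home_fstab /etc/fstab`.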



