Mounting Encrypted Drives

inxi -Faz
System:
  Kernel: 5.15.14-1-lts x86_64 bits: 64 compiler: gcc v: 11.1.0
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-lts
    root=UUID=33da784c-6400-4145-99e3-93bc3c7463b2 rw [email protected]
    quiet
    cryptdevice=UUID=5b16040e-5d39-4cd0-80b7-423ffe50eaff:luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff
    root=/dev/mapper/luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff splash                                                                  
    rd.udev.log_priority=3 vt.global_cursor_default=0 loglevel=3                                                                       
  Desktop: LXQt 1.0.0 tk: Qt 5.15.2 info: cairo-dock, lxqt-panel                                                                       
    wm: kwin_x11 vt: 1 dm: SDDM Distro: Garuda Linux base: Arch Linux                                                                  
Machine:                                                                                                                               
  Type: Desktop Mobo: INTEL model: HM65DESK serial: <superuser required>                                                               
    UEFI: American Megatrends v: 4.6.5 date: 02/23/2019                                                                                
CPU:                                                                                                                                   
  Info: model: Intel Core i7-2620M bits: 64 type: MT MCP arch: Sandy Bridge                                                            
    family: 6 model-id: 0x2A (42) stepping: 7 microcode: 0x2F                                                                          
  Topology: cpus: 1x cores: 2 tpc: 2 threads: 4 smt: enabled cache:                                                                    
    L1: 128 KiB desc: d-2x32 KiB; i-2x32 KiB L2: 512 KiB desc: 2x256 KiB                                                               
    L3: 4 MiB desc: 1x4 MiB                                                                                                            
  Speed (MHz): avg: 1057 high: 1341 min/max: 800/3400 scaling:                                                                         
    driver: intel_cpufreq governor: performance cores: 1: 1341 2: 1172 3: 837                                                          
    4: 880 bogomips: 21551                                                                                                             
  Flags: avx ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3                                                                            
  Vulnerabilities:                                                                                                                     
  Type: itlb_multihit status: KVM: VMX unsupported                                                                                     
  Type: l1tf mitigation: PTE Inversion                                                                                                 
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable                                                                              
  Type: meltdown mitigation: PTI                                                                                                       
  Type: spec_store_bypass                                                                                                              
    mitigation: Speculative Store Bypass disabled via prctl and seccomp                                                                
  Type: spectre_v1                                                                                                                     
    mitigation: usercopy/swapgs barriers and __user pointer sanitization                                                               
  Type: spectre_v2 mitigation: Full generic retpoline, IBPB: conditional,                                                              
    IBRS_FW, STIBP: conditional, RSB filling
  Type: srbds status: Not affected
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: NVIDIA GM107 [GeForce GTX 750] driver: nvidia v: 495.46
    alternate: nouveau,nvidia_drm bus-ID: 01:00.0 chip-ID: 10de:1381
    class-ID: 0300
  Display: x11 server: X.Org 1.21.1.3 compositor: kwin_x11 driver:
    loaded: nvidia unloaded: modesetting alternate: fbdev,nouveau,nv,vesa
    display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1360x768 s-dpi: 90 s-size: 384x300mm (15.1x11.8")
    s-diag: 487mm (19.2")
  Monitor-1: HDMI-0 res: 1360x768 hz: 60 dpi: 49
    size: 708x398mm (27.9x15.7") diag: 812mm (32")
  OpenGL: renderer: NVIDIA GeForce GTX 750/PCIe/SSE2 v: 4.6.0 NVIDIA 495.46
    direct render: Yes
Audio:
  Device-1: Intel 6 Series/C200 Series Family High Definition Audio
    driver: snd_hda_intel v: kernel bus-ID: 00:1b.0 chip-ID: 8086:1c20
    class-ID: 0403
  Device-2: NVIDIA GM107 High Definition Audio [GeForce 940MX]
    driver: snd_hda_intel v: kernel bus-ID: 01:00.1 chip-ID: 10de:0fbc
    class-ID: 0403
  Sound Server-1: ALSA v: k5.15.14-1-lts running: yes
  Sound Server-2: JACK v: 1.9.19 running: no
  Sound Server-3: PulseAudio v: 15.0 running: yes
  Sound Server-4: PipeWire v: 0.3.43 running: yes
Network:
  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    driver: r8169 v: kernel port: d000 bus-ID: 03:00.0 chip-ID: 10ec:8168
    class-ID: 0200
  IF: enp3s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
Drives:
  Local Storage: total: 2.78 TiB used: 426.06 GiB (14.9%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/sda maj-min: 8:0 model: SATA SSD size: 55.9 GiB block-size:
    physical: 512 B logical: 512 B speed: 3.0 Gb/s type: SSD serial: <filter>
    rev: Sb10 scheme: GPT
  ID-2: /dev/sdb maj-min: 8:16 vendor: Seagate model: ST3000NM0053
    size: 2.73 TiB block-size: physical: 512 B logical: 512 B speed: 3.0 Gb/s
    type: HDD rpm: 7200 serial: <filter> rev: G00A scheme: GPT
Partition:
  ID-1: / raw-size: 558.79 GiB size: 558.79 GiB (100.00%)
    used: 28.48 GiB (5.1%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff
  ID-2: /boot/efi raw-size: 5.59 GiB size: 5.58 GiB (99.80%)
    used: 240.8 MiB (4.2%) fs: vfat dev: /dev/sda2 maj-min: 8:2
  ID-3: /home raw-size: 558.79 GiB size: 558.79 GiB (100.00%)
    used: 28.48 GiB (5.1%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff
  ID-4: /var/log raw-size: 558.79 GiB size: 558.79 GiB (100.00%)
    used: 28.48 GiB (5.1%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff
  ID-5: /var/tmp raw-size: 558.79 GiB size: 558.79 GiB (100.00%)
    used: 28.48 GiB (5.1%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-5b16040e-5d39-4cd0-80b7-423ffe50eaff
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: zram size: 3.79 GiB used: 35 MiB (0.9%) priority: 100
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 29.8 C mobo: 27.8 C gpu: nvidia temp: 31 C
  Fan Speeds (RPM): N/A gpu: nvidia fan: 33%
Info:
  Processes: 224 Uptime: 16m wakeups: 0 Memory: 3.79 GiB
  used: 1.88 GiB (49.7%) Init: systemd v: 250 tool: systemctl Compilers:
  gcc: 11.1.0 clang: 13.0.0 Packages: pacman: 1670 lib: 497 Shell: Bash
  v: 5.1.16 running-in: qterminal inxi: 3.3.11

Hi everyone, this is Aori, entry 1.064 on the forum xDD
Man, being a noobie is annoying

So, I have absolutely no idea how to do this one basic thing:

~>Start my system with my encrypted partition already opened and mounted.<~

So, I did do some research and this is the most useful link I could find... but idk, I have no idea if this will actually work or not and I'm not in the mood of messing up my system this month, I did it a lot last December xD

My 2 main concerns are: first, if removing the "none" would be appropriate, since I am using gnome-keyring to store my password; second, if the fstab is actually needed and what does it do... I have a thumb rule of not entering a line on the terminal I don't really understand what it does if it's from an untrusted source so any tips are welcome

Also, if you have a rabbit under your hat or an easier way of accomplishing this task, please feel free to share it and let me know

Thanks for your time reading : 3

/etc/fstab is a file that your system reads when it is booting up to automatically mount system drives. Each entry is a separate partition on a drive. Usually stuff you put on there is stuff that is permanently connected (not a thumb drive, for example) because it can cause problems if your computer can't find something that is on there. If a partition is not in the file, it is not automatically mounted when your machine boots up.

The information in the file tells the computer what the partition is called (UUID), what kind of filesystem is on there, what the mountpoint for the device is, and some other stuff.

When you install a new operating system, it should fill in your /etc/fstab file automatically with whatever drives it is using to run your machine. It will make the mountpoints and everything on its own. That goes for pretty much any operating system that uses an installer. Typically if you have to modify the /etc/fstab file it is because you are adding, removing, or changing a drive.

Are you currently booting your computer, then putting in a password to get through the encryption, and then it starts up normally? If so, then your device is already entered into the /etc/fstab file and should not be modified.

Or do you have an additional encrypted device that you want to add to the boot routine and be automatically mounted when your system starts up?

2 Likes

First of all, thank you for such an explanation, it cleared my view so much!
Second of all, my deal is: the encryption password is already stored on gnome.keyrings, so I don't have to put any passwords, but I do have to manually click on the drive for it to be then unlocked and used.

I assume from your explanation then that my experience is as good as it is? I SHOULD be clicking on the drive on the pcman file manager for it to start (as I am)?
In that sense, it'd be of no use messing up with any file systems then xD

Hmm, this makes it sound like the drive is not being automatically mounted after all. It's hard for me to tell because your setup is different than mine, but it sounds like it is setting up a mount when you click on it.

I would try to edit /etc/crypttab and /etc/fstab after all (like they describe in the link you posted).

/etc/crypttab is a special file that contains mappings for encrypted partitions, like a special path for fstab to follow. I'm honestly not too familiar with the why or how on that one, I typically don't bother with encryption.

As for the "none" (in the /etc/crypttab file) I would first try just leaving it as "none" and see if your keyring works automatically (the same as it does now) to get access to the drive.

The how-to you picked out looks good, I say give it a shot!

1 Like

Well, I followed the tutorial and things went bad
By doing exactly as they say (also by removing the none), I had to manually input my password at the boot screen which is hell like 200 characters long or so and it was plain nightmare.
Then I saw in the crypttab that it had a space for the password and I just plainly put it there and... well, then the system wouldn't boot!

I just restored the snapshot (and btw, first time with snapper, it's way faster and looked way more secure than with timeshift), and now I'm resigning myself to be with the easy-way of just clicking the damn icon every boot-up xD
Seems a bother, but seems to work better than the other stuff so far.

Thank you Bluish, for helping me and for giving me such good responses \o/ : 3

When I used to work for the NSA, we needed passwords no longer than 12 characters
(0-9,a-z,A-Z,[email protected]#$%^&*) what the hell do you need to secure?
dirty movies? :smiley:
We didn't have them :wink:

5 Likes

Well, I'm a bit of an overblown so if I'm gonna do a passphrase I won't remember but just shove it to bitwarden, why not just making it ridiculously long? :rofl::rofl::rofl::rofl::rofl:
I never really thought I'd have to manually input it

I was thinking about this, and ended up reading a little more when I found this article:

The whole step where they automatically generate a random key I don't think would apply to your setup (because you already have a key), but the thing that occurred to me was that in this tutorial the key is saved to a file, and the entry in /etc/crypttab points to that file. Not the actual key value, but just the location of a file that contains the key value.

I thought maybe that little detail might have been what caused your whole thing to go sideways. Honestly I wouldn't blame you one bit if you just wanted to forget the whole thing and keep manually mounting the drive after your lousy experience with that first tutorial! But I thought I would pass that along anyway because I felt like a little light bulb went off when I was reading that.
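
An added example, not part of the thread and not code from either tutorial: a small check of the third /etc/crypttab field, which per crypttab(5) holds `none`, `-` or an absolute path to a key file, never the passphrase itself. The function name `check_crypttab`, the sample entries, UUIDs, mapping names and paths are all constructed for illustration.

```python
import os
import stat


def check_crypttab(text):
    """Return (line_no, mapping_name, problem) for each risky key field."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        name = fields[0]
        if len(fields) < 2:
            findings.append((n, name, "no device field"))
            continue
        key = fields[2] if len(fields) > 2 else "none"
        if key in ("none", "-"):
            continue  # no key file configured; a passphrase prompt is the fallback
        if not key.startswith("/"):
            # The field is read as a file path. A passphrase typed here does
            # not unlock anything and sits in a typically world-readable file.
            findings.append((n, name, "key field is not an absolute path"))
            continue
        path = key.split(":", 1)[0]  # drop the optional ":<device>" suffix
        try:
            st = os.stat(path)
        except OSError:
            findings.append((n, name, "key file missing: " + path))
            continue
        # A regular key file should be readable by its owner only (e.g. 0600).
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o077:
            findings.append((n, name, "key file readable by group/others: " + path))
    return findings


# Constructed sample; UUIDs, mapping names and paths are made up.
SAMPLE = """\
# <name>  <device>                                   <key>                   <options>
data      UUID=00000000-0000-0000-0000-000000000001  none                    luks
backup    UUID=00000000-0000-0000-0000-000000000002  MyLongPassphrase123     luks
media     UUID=00000000-0000-0000-0000-000000000003  /nonexistent/media.key  luks
"""

if __name__ == "__main__":
    for line_no, name, problem in check_crypttab(SAMPLE):
        print(f"line {line_no}: {name}: {problem}")
```

Run it against a copy of the real file with `check_crypttab(open("/etc/crypttab").read())`; it only reads and reports.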