Mount a LUKS Encrypted partition on Linux boot

Submitted by editor on Sun, 07/31/2016 - 16:33
Question

On Linux (Debian, Mint ...), how to mount a LUKS Encrypted partition on boot ?

1. get THE UUID from blkid

Ex    /dev/mapper/encrypted-partition: UUID="d62cb037-e5ba-4f49-a92a-69705e4bae2b" TYPE="crypto_LUKS"
not    /dev/mapper/luks-d62cb037-e5ba-4f49-a92a-69705e4bae2b: UUID="f6d930b6-b75b-440c-9b41-67ed538bdd75" TYPE="ext4"

2. qdd napper name to /etc/crypttab
The partition will appear as a device in /dev/mapper/<mapper name>.
Entries in /etc/crypttab are of the form
<mapper name> UUID=<UUID>

Example 1:
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b
Example 2:
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b none luks

For more information on /etc/crypttab, see $ man crypttab.

3.Edit /etc/fstab and add
Example 1.
/dev/mapper/decrypted-partition /media/ext-hdd ext4 defaults 1 2
Example 2.
/dev/mapper/decrypted-partition /media/ext-hdd ext4 defaults,x-gvfs-name=ENC 1 2
Example 3
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b none luks

4. Reboot

Note
The next time you boot your system you will be prompted for the passphrase and the partition will be mounted to the given mount point. The output of $ blkid should now contain

/dev/mapper/encrypted-partition: UUID="d62cb037-e5ba-4f49-a92a-69705e4bae2b" TYPE="crypto_LUKS"
/dev/mapper/decrypted-partition: UUID="93f9bbf4-4e4f-4647-85f3-4fbba7d7a21f" TYPE="ext4"

 

Tips

Change UUID of LUKS encrypted partition.

1. Generate new uuid using uuidgen
2. cryptsetup luksUUID /dev/sda1 --uuid "THE-NEW-UUID"

Set / Change UUID of a partition
sudo tune2fs /dev/sde5 -U 507fe741-bf59-40f4-8cef-6b0803f11f30

 

Tags

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.