Mount a LUKS Encrypted partition on Linux boot

Submitted by editor on Sun, 07/31/2016 - 16:33

On Linux (Debian, Mint ...), how to mount a LUKS Encrypted partition on boot ?

1. get THE UUID from blkid

Ex    /dev/mapper/encrypted-partition: UUID="d62cb037-e5ba-4f49-a92a-69705e4bae2b" TYPE="crypto_LUKS"
not    /dev/mapper/luks-d62cb037-e5ba-4f49-a92a-69705e4bae2b: UUID="f6d930b6-b75b-440c-9b41-67ed538bdd75" TYPE="ext4"

2. qdd napper name to /etc/crypttab
The partition will appear as a device in /dev/mapper/<mapper name>.
Entries in /etc/crypttab are of the form
<mapper name> UUID=<UUID>

Example 1:
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b
Example 2:
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b none luks

For more information on /etc/crypttab, see $ man crypttab.

3.Edit /etc/fstab and add
Example 1.
/dev/mapper/decrypted-partition /media/ext-hdd ext4 defaults 1 2
Example 2.
/dev/mapper/decrypted-partition /media/ext-hdd ext4 defaults,x-gvfs-name=ENC 1 2
Example 3
decrypted-partition UUID=d62cb037-e5ba-4f49-a92a-69705e4bae2b none luks

4. Reboot

The next time you boot your system you will be prompted for the passphrase and the partition will be mounted to the given mount point. The output of $ blkid should now contain

/dev/mapper/encrypted-partition: UUID="d62cb037-e5ba-4f49-a92a-69705e4bae2b" TYPE="crypto_LUKS"
/dev/mapper/decrypted-partition: UUID="93f9bbf4-4e4f-4647-85f3-4fbba7d7a21f" TYPE="ext4"



Change UUID of LUKS encrypted partition.

1. Generate new uuid using uuidgen
2. cryptsetup luksUUID /dev/sda1 --uuid "THE-NEW-UUID"

Set / Change UUID of a partition
sudo tune2fs /dev/sde5 -U 507fe741-bf59-40f4-8cef-6b0803f11f30



Add new comment