
In order for the bootloader to decrypt the root filesystem you just need the parameters cryptdevice=/dev/sda1:crypt root=/dev/mapper/crypt. What would be the parameter for filesystems other than root, so that I am prompted for multiple devices to decrypt (the equivalent of root= for non-root filesystems)?

EDIT: If my encrypted data partition is /dev/sda2, will adding /dev/mapper/cryptsda2 in fstab be enough to tell the system to decrypt /dev/sda2 first?

Taz8du29
ChiseledAbs
  • In theory an OS does not need this capability, as it can do this once the system is up. (I don't know about the reality of it though.) – ctrl-alt-delor Jul 26 '16 at 09:55
  • Be careful: ensure that the key is not stored with the computer (use a passphrase and/or a removable key). If your computer is left where it could otherwise be compromised (if it was not encrypted), then consider it compromised if you ever unlock it afterwards. – ctrl-alt-delor Jul 26 '16 at 09:58
  • Guessing based on https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration, cryptdevice=/dev/sda2:somename might create /dev/mapper/somename, which you could mount – ilkkachu Jul 26 '16 at 11:08
  • @ilkkachu you're right, cryptsetup as a kernel parameter will decrypt the encrypted device and fstab will mount that automatically. I thought I had to find the equivalent of root= – ChiseledAbs Jul 26 '16 at 11:18
  • If you get no answers maybe this can work instead: http://stackoverflow.com/a/23451824/363028 – Ole Tange Jul 27 '16 at 09:10
