Auto-mount LUKS
- You'll have to know a valid unlock password for the partition to mount (duh)
- All placeholders in this text are enclosed in brackets - you need to replace all of it, e.g. dd if=[name] where the name is bob becomes dd if=bob, not "dd if=[bob]"!
- The placeholder [device] is the device path of your partition, e.g. something like /dev/sdb2 or /dev/nvme1n1p2
- The placeholder [name] is the friendly name for the unencrypted mapper, becoming /dev/mapper/[name] - use something like saveDrive here for example.
- The placeholders [user] and [group] are the user and group to mount the unlocked partition for - typically they are both your current username
Create a new key file
Let's first create a new key file of random data and make it readable for root only - you can of course change the location of the file but you'll have to use the other location in the following steps, too.
openssl rand -out /root/mykeyfile.key 4096
chmod 600 /root/mykeyfile.key
chown root:root /root/mykeyfile.key
Add key file to your LUKS device
Now add the keyfile as an alternative key (one of 8 key slots) to decrypt the device
cryptsetup luksAddKey [device] /root/mykeyfile.key
You'll be asked for your already installed unlock password here.
Registering in crypttab
Edit or create the file /etc/crypttab and add a line for your partition:
[name] [device] /root/mykeyfile.key luks
You can use your dev path if that doesn't change - in my case, the order in which the devices are initialized is random. To solve that, you can use the partition's UUID instead:
blkid [device]
Then take the UUID, not the PARTUUID, and insert it here instead of [uuid]:
[name] UUID=[uuid] /root/mykeyfile.key luks
Register default mount options
Edit the file /etc/fstab and add a line for the new mapper
/dev/mapper/[name] /media/[user]/[name] ext4 defaults 0 2
This will mount the unlocked device to /media/[user]/[name] - you can change that of course.
Auto-create the mount location
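Create a new file /etc/tmpfiles.d/[name].conf (systemd-tmpfiles only reads files ending in .conf) and add the following line:
d /media/[user]/[name] 0755 [user] [group]
Then create the directory right away by running:
systemd-tmpfiles --create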
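To check the result of the steps above, the following script reads a crypttab file and reports key files that are missing, accessible to group or others, or not owned by root, and warns about devices referenced by a path that can change between boots. It is an added example, not part of the original guide; the function name audit_crypttab is hypothetical and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: audit the key files referenced by a crypttab.
# Usage: audit_crypttab FILE [OWNER_UID]   (OWNER_UID defaults to 0 = root)
# Assumes stat -c is available; the function name is hypothetical.
audit_crypttab() {
    tab=$1
    want_uid=${2:-0}
    bad=0
    # crypttab fields: name, device, key file, options.
    # The "|| [ -n ... ]" part keeps a last line without trailing newline.
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|\#*) continue ;; esac          # blank line or comment
        case $key in ''|none|-|/dev/*) continue ;; esac # no key file to check
        if [ ! -f "$key" ]; then
            echo "FAIL $name: key file $key does not exist"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$key")
        uid=$(stat -c '%u' "$key")
        # Octal mode must end in 00: no access for group or others
        case $mode in
            0|*00) ;;
            *) echo "FAIL $name: $key has mode $mode, expected 600 or 400"; bad=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $name: $key is owned by uid $uid, expected $want_uid"
            bad=1
        fi
        # Plain /dev/sdX paths can change between boots; UUID= does not
        case $dev in
            UUID=*|PARTUUID=*|LABEL=*|/dev/disk/by-*|/dev/mapper/*) ;;
            *) echo "WARN $name: $dev is not a stable device reference" ;;
        esac
    done < "$tab"
    return "$bad"
}

# Run directly as root, e.g.: sh audit.sh /etc/crypttab
if [ "$#" -gt 0 ]; then
    audit_crypttab "$@"
fi
```

A non-zero exit status means at least one FAIL line was printed; WARN lines do not affect the status.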