Tropenhitze

Kannst du das spüren?

Disable auto mount of encrypted LUKS (CRYPTO_LUKS) partition on openSuSE 11.2 while booting

leave a comment »

If you have setup an encrypted partition on your openSuSE 11.2, while booting it would prompt you to enter the LUKS password before proceeding to the login screen. Even though it would continue booting if no input has been entered for more than 3 minutes, you may find it annoying , or you may want the encrypted partition to be mounted only on the fly whenever you wish. This workaround enables you to do so.

Open Terminal and type

cat /etc/crypttab

which should result in something like

cr_sdb4 /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4 none none

open the file with command line vi editor and change the none on the last column to noauto as shown below

sudo vi /etc/crypttab

and replace

cr_sdb4 /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4 none none

with

cr_sdb4  /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4 none noauto

and save the file and exit.

Make note of the name of the device ID. In this example it’s ata-ST316AS_5LS2T3NW-part4

Now if you reboot the system, you’ll notice that you are not prompted to enter the password of the encrypted partiton anymore. But wait. How do you mount it manually later as you needed? Read ahead!

To mount the encrypted partition manually, open Terminal and type

/etc/init.d/boot.crypto start /dev/disk/by-id/<Device ID here>

In this example, the device ID is ata-ST31AS_5LS2T3NW-part4. Therefore, the command would look like

/etc/init.d/boot.crypto start /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4

After you press enter, you will be prompted to enter the encrypted partition’s password. Now if you open Dolphin (File Manager), you can see the encrypted LUKS partition unlocked and appears on the left sidebar.

If you click on it you’ll be prompted to enter the root password in order to mount it, so that you can access it.

But wait! That’s not the end of the story.

Like you unlocked and mounted the encrypted partition, you must do the reverse before shutting down. First unmount the partition through Dolphin by right clicking on the volume and choosing unmount (or as explained below) and lock the encrypted partition again before shutting down. Read ahead.

First of all you have to determine in which location the partition gets mounted after you’ve unlocked it and mounted it using Dolphin. To find out the mount point, type,

mount

If you have already mounted the partition using Dolphin you can find something like the one shown below, in the last lines of the output of the above command.

/dev/dm-0 on /media/disk type ext4 (rw,nosuid,nodev)

In this example, /dev/dm-0 indicates the mount point.

Note:-

You have to unmount it either manually (using Dolphin or using umount as discusssed below) or let Linux do it automatically (discussed below) and lock the crypto partition ( discussed below ), before shutting down.

After you have idenfitied the mount point (shown above), to unmount and lock the crypto partition again use the following commands respectively in the same order.

umount /dev/<mount point here>
/etc/init.d/boot.crypto stop /dev/disk/by-id/<device id here>

In this example, the command would look like

umount /dev/dm-0
/etc/init.d/boot.crypto stop /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4

It’s unlikely that you would want to do it manually. To let linux take care of this at the time of shutting down, you have to add these commands to the file /etc/init.d/halt.local (discussed below)

To do that, open Terminal and type

sudo vi /etc/init.d/halt.local

and as shown below, add line numbers 15 & 16 found here to the end of the file halt.local (with the device ID and mount point corresponding to your drive)

#! /bin/sh
#
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.  All rights reserved.
#
# Author: Werner Fink <werner@suse.de>, 1998
#         Burchard Steinbild, 1998
#
# /etc/init.d/halt.local
#
# script with local commands to be executed from init on system shutdown
#
# Here you should add things, that should happen directly before shuting
# down.
#
umount /dev/dm-0 #note that dm-0 indicates the mount point which is determined as discussed previously
/etc/init.d/boot.crypto stop /dev/disk/by-id/ata-ST31AS_5LS2T3NW-part4 #replace this device ID with yours which is determined as discussed above

save and exit the vi editor. After you have done this you can safely shutdown openSuSE without having to worry about unmounting the LUKS partitions.

If you have multiple LUKS partitions, follow the same procedure. Now the files will have multiple entries instead of one. It makes no difference.

Please leave a comment if this tutorial was useful to you or if you have any suggestion on improving this article

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: