1 Reply Latest reply: Sep 20, 2012 2:14 PM by Dude!

    Passwordless booting using encrypted drives with key on USB

    963391
      Hi All,

      We are using Oracle Linux 6u3 x64 and installed it with encryption on all drives/lvm's. Upon bootup the system prompts for the password and boots just fine. However, the customer would like it to boot up w/o manually entering the password. I have done this with their Ubuntu servers by following this link: http://askubuntu.com/questions/59487/how-to-configure-lvm-to-autodecrypt-partition which works fine for Ubuntu but doesn't work on Oracle Linux. In the /etc/crypttab for these directions they have cryptsetup executing a script (program) called passdev but I don't see that script (or any) on my Oracle Linux boxes. Is this even possible in OEL 6u3?

      Thanks, Danté
        • 1. Re: Passwordless booting using encrypted drives with key on USB
          Dude!
          According to the crypttab(5) man page of OL 6.3:

          The third field specifies the encryption password.  If the field is not present or the password is set to none, the password has to be manually entered during system boot.  Otherwise the field is interpreted as a path to a file containing the encryption password.

          USB device names are usually dynamic, depending on mount order and other mounted devices. Perhaps that is your problem.

          You can add an entry in the UDEV rules to specify a specific mount point for a device. For instance:

          Use the "blkid" utility to obtain the UUID of the USB device. e.g.

          636c77b3-fc03-409c-bc95-4b22106a4faa

          Create a directory for the USB mount point:

          mkdir /mnt/usbcrypt

          Update crypttab accordingly

          Create /etc/udev/rules.d/80-usbmount.rules with following content:

          <pre>
          SUBSYSTEM=="block", ENV{ID_FS_UUID}=="636c77b3-fc03-409c-bc95-4b22106a4faa", RUN+="/bin/mount -U %E{ID_FS_UUID} /mnt/usbcrypt"
          </pre>
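
An added example, not part of either post: a shell function that reads a crypttab file and reports, per entry, whether the third field makes the system prompt at boot or points at a key file under the USB mount point, following the man page text quoted in the reply. The function name `check_crypttab`, the status words and the sample entries are assumptions made for illustration; a temporary directory stands in for /mnt/usbcrypt.

```bash
#!/bin/bash
# Added example (not from the thread): classify each crypttab entry by how
# its passphrase is supplied. Arguments: crypttab file, USB mount point.
check_crypttab() {
    local tab="$1" usbdir="${2%/}" name dev key opts perms
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        # Third field absent or "none": passphrase is typed at boot.
        if [ -z "$key" ] || [ "$key" = "none" ]; then
            echo "$name prompt"; continue
        fi
        # Otherwise the third field is the path of a key file.
        case "$key" in
            "$usbdir"/*) ;;
            *) echo "$name keyfile-not-on-usb $key"; continue ;;
        esac
        if [ ! -f "$key" ]; then
            # Seen when the USB filesystem is not mounted (yet).
            echo "$name keyfile-missing $key"; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ldL "$key" | cut -c5-10)
        if [ "$perms" = "------" ]; then
            echo "$name keyfile-ok $key"
        else
            echo "$name keyfile-too-open $key"
        fi
    done < "$tab"
}

# Constructed sample: a temporary directory stands in for /mnt/usbcrypt.
demo() {
    local d; d=$(mktemp -d)
    mkdir "$d/usbcrypt"
    printf 'constructed-key' > "$d/usbcrypt/root.key"
    chmod 600 "$d/usbcrypt/root.key"
    printf '%s\n' '# name device keyfile options' \
        'luks-root UUID=constructed-1 none' \
        "luks-data UUID=constructed-2 $d/usbcrypt/root.key luks" \
        "luks-home UUID=constructed-3 $d/usbcrypt/home.key luks" > "$d/crypttab"
    check_crypttab "$d/crypttab" "$d/usbcrypt"
    rm -rf "$d"
}
demo
```

On a filesystem without Unix permissions, such as FAT on a USB stick, the mode that `ls` reports comes from the mount options, so a `keyfile-too-open` result there points at how the stick is mounted.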