Ubuntu | How to automatically mount the encrypted drive at startup of system?

| By Webner

Solution: When you have a drive which is encrypted and password protected and you want the drive to be mounted automatically at startup below are the steps that you can use:

Step 1. Open the encrypted drive as you usually do and mount it to any location.

For Example:

# cryptsetup open /data/user datadisk
# mount /dev/loop0 /mnt/newdata

Step 2. Now you have to generate an additional key file at (un-encrypted location) with following command:

# dd if=/dev/urandom of=/boot/keyfile bs=1024 count=4

Note: dd command is to generate a file with random data.

bs=1024 count=4 is to writes 4 blocks of 1024 bytes length (= 4096 bytes in total, i.e = 4 Kbyte) of binary zeros into the file 'keyfile'.

Step 3. You must change the key file permission to read only:

# chmod 0400 /boot/keyfile

Step 4. Now you have to link the keyfile with encrypted drive as mentioned below:

# cryptsetup luksAddKey /dev/loop0 /boot/keyfile

Note: use command # lsblk and then you must locate the correct drive which is encrypted like “/dev/loop0” in my case.

Step 5. Now finally you can use the below command and place it in crontab and mark it to be executed at the time of system startup:

@reboot cryptsetup open --type luks --key-file /boot/keyfile /data/user datadisk mount /dev/loop0 /mnt/newdata

Leave a Reply

Your email address will not be published. Required fields are marked *