Why my encrypted LVM volume (LUKS device) won't mount at boot time?
You have to pay attention to UUIDs . For instance, this is my configuration:
# lsblk -o name,uuid,mountpoint
├─sda2 727fa348-8804-4773-ae3d-f3e176d12dac
│ └─sda2_crypt (dm-0) P1kvJI-5iqv-s9gJ-8V2H-2EEO-q4aK-sx4aDi
│ ├─debian_crypt-swap (dm-1) 3f9f24d7-86d1-4e21-93e9-f3c181d05cf0 [SWAP]
│ ├─debian_crypt-tmp (dm-2) 93fc8219-f985-45fb-bd5c-2c7940a7512d /tmp
│ ├─debian_crypt-home (dm-3) 12e8566c-8f0f-45ec-8524-6d9d9ee91eae /home
│ └─debian_crypt-root (dm-4) 9685570b-4c9e-43ea-815e-49d10dc7a1bf /
I have one encrypted partition (sda2) with 4 volumes (LVM). What I need is to set two UUIDs in the right files. The sda2 UUID goes to /etc/crypttab
and the volume UUID (for example debian_crypt-root) goes to /etc/fstab
.
So, it would be:
# cat /etc/crypttab
sda2_crypt UUID=727fa348-8804-4773-ae3d-f3e176d12dac none luks
# cat /etc/fstab
UUID=9685570b-4c9e-43ea-815e-49d10dc7a1bf / ext4 defaults,errors=remount-ro 0 1
After changing the /etc/crypttab
file, you have to rebuild initramfs:
# update-initramfs -u -k all
NOTE
The package cryptsetup
has to be installed because it has startup scripts which provide support for automounting encrypted volumes at boot.
Why bother to mention this? Well, if you setup LVM during the installation Debian Wheezy installs packages cryptsetup-bin, libcryptsetup4
and lvm2
but not cryptsetup
, thus you have the tools to setup LVM & LUKS devices but not the scripts necessary to mount LUKS devices at boot time. Those come in the package cryptsetup.