Hello,
I have a second disk, /dev/sdX, for my data, which is supposed to be different from the Qubes OS system disk.
I would like this data disk to be only unencrypted when I start my AppVM and not before.
I use cryptsetup and LUKS for encryption, and the AppVM runs on Fedora 30.
My steps:
qvm-block attach --persistent AppVM dom0:sdX
- create a keyfile to unencrypt the dev and create mapper
- mount the mapper to destination folder
sudo mount /dev/mapper/xvdi_crypt /mount/point
These 3 steps work perfectly if I execute them via command line (CLI).
However, I would like the disk to be mounted when AppVM starts.
On a default Linux I would create:
- /etc/crypttab to create the mapper (giving keyfile as entry + mapper_name)
- /etc/fstab to mount the disk at start
I made sure to have these 2 files persistent in /rw/config
Now, if I try a sudo mount -a
I get
mount: /mount/point: special device /dev/mapper/xvdi_crypt does not exist.
It looks like the crypttab is not used.
What am I missing? Do I have an alternative (running a cron job when the AppVM starts to execute the CLI)?
Thank you for your help!
Hi there,
It seems I managed to solve this by:
- in dom0 terminal
qvm-block attach --persistent AppVM dom0:sdX
- edit (as root) the file
# vi /rw/config/rc.local
- in /rw/config/rc.local I added
3.1) cryptsetup -d /path/to/keyfile luksOpen /dev/xvdi xvdi_crypt
3.4) mount /dev/mapper/xvdi_crypt /mount/point
I am not sure the disk is fully encrypted (not unencrypted) for dom0?
Question: how to mark this post as “solved”?
Thank you,
1 Like
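The rc.local approach from the post above, written out as an added example that is not part of the original posts: it refuses a keyfile that other accounts in the AppVM can read, checks that the attached device is LUKS before opening it, and can be run twice without error. The function names are hypothetical, the `nosuid,nodev` mount options are an added assumption (the disk holds only data), and the device, mapper name and paths are the thread's own placeholders.

```shell
#!/bin/sh
# Added example for /rw/config/rc.local (runs as root inside the AppVM at start).
# Values below are the ones used in the thread; /path/to/keyfile and
# /mount/point are the thread's own placeholders.
DEV=/dev/xvdi
NAME=xvdi_crypt
KEYFILE=/path/to/keyfile
MNT=/mount/point

log() { echo "data-disk: $*" >&2; }

# Accept the keyfile only if it is a regular file (not a symlink), owned by
# the user running this script (root under rc.local), with a mode ending in
# 00, e.g. 600 or 400, so no other account in the AppVM can read it.
keyfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c %a "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Open the LUKS container and mount it; safe to run twice.
unlock_data_disk() {
    dev=$1 name=$2 key=$3 mnt=$4
    [ -b "$dev" ] || { log "$dev not attached"; return 1; }
    keyfile_ok "$key" || { log "keyfile missing or readable by others"; return 1; }
    cryptsetup isLuks "$dev" || { log "$dev is not a LUKS device"; return 1; }
    if [ ! -e "/dev/mapper/$name" ]; then
        cryptsetup -d "$key" luksOpen "$dev" "$name" || return 1
    fi
    # nosuid,nodev: assumption that the disk holds data only.
    mountpoint -q "$mnt" || mount -o nosuid,nodev "/dev/mapper/$name" "$mnt"
}

# Act only when installed as rc.local, so the file can be sourced for testing.
case "${0##*/}" in
    rc.local) unlock_data_disk "$DEV" "$NAME" "$KEYFILE" "$MNT" ;;
esac
```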
Hi there @jKER24qP welcome to the forum!
Glad you’ve managed to solve it. I would agree with you that something like that would normally be handled by /etc/fstab. But I’m not very proficient in that.
Let me just try to rephrase the problem: auto-mounting and decrypting disk on AppVM startup
Is that correct?
I think you just did
Hi there,
Well, I first thought it should be handled by /etc/fstab, but it works with decryption + mount from /rw/config/rc.local.
I will keep it like that until I discover there is an issue with this solution.
auto-mounting and decrypting disk on AppVM startup
Yes, better title for my issue - I let you edit the topic?
Thank you,
1 Like
If it ain’t broke, don’t fix it – as they say. (factoring security too)
done!