I have a second disk
/dev/sdX for my data supposed to be different from the QubesOS System disk.
I would like this data disk to be only unencrypted when I start my AppVM and not before.
I use cryptsetup and Luks for encryption and the AppVM run on Fedora30.
qvm-block attach --persistent AppVM dom0:sdX
- create a keyfile to unencrypt the dev and create mapper
- mount the mapper to destination folder
sudo mount /dev/mapper/xvdi_crypt /mount/point
These 3 steps work perfectly if I execute them via command line (CLI).
However, I would like the disk to be mounted when AppVM starts.
On a default Linux I would create:
- /etc/crypttab to create the mapper (giving keyfile as entry + mapper_name)
- /etc/fstab to mount the disk at start
I made sure to have these 2 files persistent in /rw/config
Now, if I try a
sudo mount -a
mount: /mount/point: special device /dev/mapper/xvdi_crypt does not exist.
It looks like the crypttab is not used.
What am I missing? Do I have alternative (running a cron when start AppVM to execute CLI?)
Thank you for your help!