1

So I've got Ubuntu 24.04 installed on a 1TB SSD and it has full disk encryption using LUKS which I did during installation of the OS, and so this is my home drive with home folder and OS. Now I've a 2TB internal HDD which is fully encrypted using LUKS as well, this will simply be my storage drive so when I run out of space on my SSD I'll simply move files over to the HDD.

How do I get my fully encrypted HDD to auto mount on log in? Oh and the password I used for my SSD is the same password I used for the HDD as well. I just want the HDD to auto mount on log in is all. Thanks.

Edit: I'm a newbie so can someone just create a detailed step by step tutorial for me to follow please?

Edit #2: I'm being told on Reddit that since my boot drive and secondary drive share the same password, I don't need a keyfile, that I just need to do the fstab and crypttab setup, and that this can be done using a GUI. OK, but what GUI, and how exactly do I do this? Can I get some second opinions please?

SpaceX
  • 155

1 Answer

0

Follow the instructions in this answer here but skip part 2 (moving your /home partition). Essentially, you use a password to decrypt your boot drive then use a keyfile on your boot drive to decrypt your secondary drive (so you don't need to type a password twice). Then the decrypted drive is mounted like normal.

Relevant instructions from the linked post. This assumes your secondary disk is already LUKS encrypted; replace /dev/sd?X with the partition, e.g. /dev/sda1:

First you’ll need to create a keyfile, which acts as a password for your secondary drive, so that you don’t have to type it in every time you start up (like your primary hard drive encryption password).

sudo dd if=/dev/urandom of=/root/.keyfile bs=1024 count=4
sudo chmod 0400 /root/.keyfile
sudo cryptsetup luksAddKey /dev/sd?X /root/.keyfile

Once the keyfile has been created, add the following line to /etc/crypttab using nano:

sudo nano /etc/crypttab

Add this line, save & close the file (/etc/crypttab).

sd?X_crypt UUID=<device UUID> /root/.keyfile luks,discard

To get your partition’s UUID to enter into the /etc/crypttab file, use this command (you need to use sudo so that all of your partitions show up):

sudo blkid

The value you want is the UUID of /dev/sd?X, not /dev/mapper/sd?X_crypt. Also make sure to copy the UUID, not the PARTUUID.

Okay, at this point (closed & saved /etc/crypttab file), you should be able to login to your Ubuntu install (entering your primary drive decryption password) and it should decrypt BOTH your primary and secondary drives.

Reboot and check to see if this (daisy-chain decrypt) is in fact the case. If the secondary drive is automatically decrypted, when you choose “Other Locations” the second drive should show up in the list and have a lock icon on it, but the icon should be unlocked.

nemec
  • 171
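
A check to run after the steps in the answer above, added here as an example and not part of the original answer: it reads /etc/crypttab and reports keyfile entries whose source is not UUID=, whose keyfile is missing or accessible beyond its owner, or that lack the luks option. The function name check_crypttab and its optional second argument (a path prefix, so the check can be pointed at a copy of the files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit crypttab entries that unlock with a keyfile.
# $1 = crypttab path (default /etc/crypttab)
# $2 = hypothetical prefix prepended to keyfile paths, for checking a copy
# Prints one finding per problem; returns 0 if clean, 1 otherwise.
check_crypttab() {
    tab=${1:-/etc/crypttab}
    root=${2:-}
    bad=0
    # Fields: mapper name, source device, keyfile, options
    while read -r name src key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac     # blank line or comment
        case $key in ''|none|-) continue ;; esac    # passphrase entry, no keyfile
        case $src in
            UUID=*) ;;
            *) echo "$name: source '$src' is not UUID=<device UUID>"; bad=1 ;;
        esac
        file=$root$key
        if [ ! -f "$file" ]; then
            echo "$name: keyfile $key not found"; bad=1
            continue
        fi
        mode=$(stat -c '%a' "$file")                # GNU stat, e.g. 400
        case $mode in
            [0-7]00) ;;                             # no group/other access
            *) echo "$name: keyfile $key has mode $mode, expected 400"; bad=1 ;;
        esac
        case ",$opts," in
            *,luks,*) ;;
            *) echo "$name: options '$opts' do not include luks"; bad=1 ;;
        esac
    done < "$tab"
    return $bad
}
# On the live system, run as root (the keyfile sits under /root):
#   check_crypttab
```

No output and exit status 0 mean every keyfile entry matches the layout the answer describes.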