How do I get systemd cryptsetup to automatically mount a USB key that contains the key file?

On Ubuntu 19.10 I followed this example here. The key file is in the root directory of the USB key's filesystem. The USB key has UUID yyyy. /etc/crypttab looks like this:

encrypted UUID=xxxx /keyfile:UUID=yyyy luks,keyfile-timeout=60,x-systemd.device-timeout=2min

The auto-generated unit from the generator is /run/systemd/generator/systemd-cryptsetup@encrypted.service:

# Automatically generated by systemd-cryptsetup-generator

[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
Conflicts=umount.target
IgnoreOnIsolate=true
After=cryptsetup-pre.target
Before=cryptsetup.target
RequiresMountsFor=/keyfile:UUID=yyyy
BindsTo=dev-disk-by\x2duuid-xxxx.device
After=dev-disk-by\x2duuid-xxxx.device
Before=umount.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
OOMScoreAdjust=500
ExecStart=/lib/systemd/systemd-cryptsetup attach 'encrypted' '/dev/disk/by-uuid/xxxx' '/keyfile:UUID=yyyy' 'luks,keyfile-timeout=60'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'encrypted'

However, I don't see anything related to mounting the USB key in the journalctl output. It always goes straight to starting systemd-cryptsetup, and the file is not found.

systemd-cryptsetup[1132]: Encountered unknown /etc/crypttab option 'keyfile-timeout=60', ignoring.
systemd-cryptsetup[1132]: WARNING: Locking directory /run/cryptsetup is missing!
systemd[1]: Started File System Check Daemon to report status.
systemd-cryptsetup[1132]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/xxxx
systemd-cryptsetup[1132]: Failed to open key file.
systemd-cryptsetup[1132]: Failed to activate with key file '/keyfile:UUID=yyyy

Answer 1

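Debian has a different crypttab implementation that does not support the standard systemd crypttab format at all, so we can't use that example. It has to be done using the Debian format.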
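An added example, not code from the original post or from systemd: it cross-checks a crypttab entry against journal output and reports when the running systemd-cryptsetup ignored an option or echoed the whole `path:device` key field back as the key file name, which is the symptom shown in the question. The sample strings are constructed from the question's crypttab line and journal lines; the function names, finding labels and the device-spec pattern are assumptions.

```python
import re

# Constructed sample input: the crypttab line and journal lines quoted in the question.
CRYPTTAB = "encrypted UUID=xxxx /keyfile:UUID=yyyy luks,keyfile-timeout=60,x-systemd.device-timeout=2min\n"
JOURNAL = """\
systemd-cryptsetup[1132]: Encountered unknown /etc/crypttab option 'keyfile-timeout=60', ignoring.
systemd-cryptsetup[1132]: Failed to open key file.
systemd-cryptsetup[1132]: Failed to activate with key file '/keyfile:UUID=yyyy
"""

# Assumption: a device spec after ':' looks like an fstab-style tag or a /dev path.
KEY_ON_DEVICE = re.compile(r"(/.*?):((?:UUID|LABEL|PARTUUID|PARTLABEL)=.+|/dev/.+)")


def parse_crypttab(text):
    """Return one dict per crypttab entry: name, device, key field, option list."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        entries.append({
            "name": fields[0],
            "device": fields[1],
            "key": fields[2] if len(fields) > 2 else "none",
            "options": fields[3].split(",") if len(fields) > 3 else [],
        })
    return entries


def split_key_field(key):
    """Split 'path:device-spec' into (path, spec); spec is None for a plain path."""
    m = KEY_ON_DEVICE.fullmatch(key)
    return (m.group(1), m.group(2)) if m else (key, None)


def diagnose(crypttab, journal):
    """List (volume, finding, detail) where the journal contradicts the crypttab entry."""
    ignored = set(re.findall(r"unknown /etc/crypttab option '([^']+)', ignoring", journal))
    failed = set(re.findall(r"Failed to activate with key file '([^'\n]+)", journal))
    findings = []
    for entry in parse_crypttab(crypttab):
        findings += [(entry["name"], "option-ignored", o) for o in entry["options"] if o in ignored]
        _, spec = split_key_field(entry["key"])
        # The tool echoing the whole field, device spec included, means it was used as one path.
        if spec and entry["key"] in failed:
            findings.append((entry["name"], "key-field-used-verbatim", entry["key"]))
    return findings


if __name__ == "__main__":
    for finding in diagnose(CRYPTTAB, JOURNAL):
        print(*finding, sep="\t")
```

On a live system the two inputs would be the contents of /etc/crypttab and the text of `journalctl -b` for the current boot.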