我正在尝试将新的 LUKS 加密硬盘添加到我的 18.04 设置中。
我已经有 3 个带有 LUKS 的驱动器(其中 2 个是 RAID)并且工作正常 - 当我的计算机启动时,系统会提示我输入密码,LUKS 会被 LVM 挂载并检测到。
我在使用这个新驱动器时遇到的问题是,当我已经启动时( ),我可以手动安装 LUKS,sudo cryptdisks_start sdd1_crypt
但它只是不会在启动时安装 - 我没有收到输入密码的提示,并且在启动后该卷未安装。
我的设置:
md0_crypt UUID=82f31819-4f0e-4745-adb2-002ea8264bdb none luks,discard
sda5_crypt UUID=95ba237d-ec61-455f-b4ca-5d258b1e1798 none luks,discard
sda5_crypt UUID=02a997cf-e33a-4990-b369-fb0f5843987f none luks,discard
sdd1_crypt UUID=cfd31853-d04b-4b6a-a697-4ac15d5eb9a7 none luks,discard
sdd1_crypt
我尝试在启动时安装的驱动器在哪里?运行结果blkid
:
/dev/mapper/md0_crypt: UUID="Int6VP-Le2Z-YhAt-FgXD-M0sA-qf9i-bkH3dz" TYPE="LVM2_member"
/dev/mapper/sda5_crypt: UUID="1NNYpg-bSOL-qqXq-5e0H-RPCC-z53a-K2wmt4" TYPE="LVM2_member"
/dev/mapper/vg--primary-root: UUID="31bb6097-9b15-44a0-80bd-8069b0fa38f1" TYPE="ext4"
/dev/sda1: UUID="66254139-68eb-4ff1-907f-2ab59e2f44f1" TYPE="ext4" PARTUUID="224d3265-01"
/dev/sda5: UUID="95ba237d-ec61-455f-b4ca-5d258b1e1798" TYPE="crypto_LUKS" PARTUUID="224d3265-05"
/dev/sdb1: UUID="30d02b9a-91d7-f714-3215-ea30a9dd68dc" UUID_SUB="07cc112e-275e-be6b-0aea-3b32ce6fe77e" LABEL="sunblaze:0" TYPE="linux_raid_member" PARTUUID="eafaf0f2-01"
/dev/sdc1: UUID="30d02b9a-91d7-f714-3215-ea30a9dd68dc" UUID_SUB="41b67e4b-0238-5a92-24ff-2c3f5e517f73" LABEL="sunblaze:0" TYPE="linux_raid_member" PARTUUID="eafaf0f2-01"
/dev/sdd1: UUID="cfd31853-d04b-4b6a-a697-4ac15d5eb9a7" TYPE="crypto_LUKS" PARTUUID="558ca513-01"
/dev/md0: UUID="82f31819-4f0e-4745-adb2-002ea8264bdb" TYPE="crypto_LUKS"
/dev/mapper/vg--primary-swap: UUID="ef2a221c-aa2a-4d22-9b54-575369d1b30a" TYPE="swap"
/dev/mapper/vg--primary-var: UUID="d09b7b0e-d9b5-4542-b41c-e23c8a6e6a2d" TYPE="ext4"
/dev/mapper/vg--primary-home: UUID="f1663dec-808f-4dbe-a7ac-a57da086db0d" TYPE="ext4"
/dev/mapper/vg--primary-tmp: UUID="d8a314e4-29b0-4f04-b0be-249da807f78f" TYPE="ext4"
更新update-initramfs -u -k all
我的crypttab
.
看来我需要做一些事情来在sdd1_crypt
开始时触发密码提示,类似于我收到提示md0_crypt
和sda5_crypt
,但我不知道是什么。
`/etc/fstab 的内容”
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/vg--primary-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=66254139-68eb-4ff1-907f-2ab59e2f44f1 /boot ext4 defaults 0 2
/dev/mapper/vg--primary-home /home ext4 defaults 0 2
/dev/mapper/vg--primary-tmp /tmp ext4 defaults 0 2
/dev/mapper/vg--primary-var /var ext4 defaults 0 2
/dev/mapper/vg--primary-swap none swap sw 0 0
#/dev/mapper/vg--secondary-backups /backups ext4 defaults 0 2
当我加载注释掉的最后一行(驻留在我尝试加密并在启动时加载的新磁盘上的卷)时,我看到了这一点journalctl -b
(它看起来很高兴,但没有提及sdd1_crypt
:
Dec 11 18:08:30 server systemd[1]: Starting Cryptography Setup for sda5_crypt...
Dec 11 18:08:30 server systemd-cryptsetup[945]: Volume sda5_crypt already active.
Dec 11 18:08:30 server systemd-fsck[933]: /dev/mapper/vg--primary-home: clean, 707048/39321600 files, 146443846/157286400 blocks
Dec 11 18:08:30 server systemd[1]: Reached target Sound Card.
Dec 11 18:08:30 server systemd[1]: Activating swap /dev/mapper/vg--primary-swap...
Dec 11 18:08:30 server systemd[1]: Created slice system-lvm2\x2dpvscan.slice.
Dec 11 18:08:30 server kernel: Adding 19529724k swap on /dev/mapper/vg--primary-swap. Priority:-2 extents:1 across:19529724k FS
Dec 11 18:08:30 server systemd[1]: Starting LVM2 PV scan on device 253:5...
Dec 11 18:08:30 server lvm[947]: 5 logical volume(s) in volume group "vg-primary" now active
Dec 11 18:08:30 server systemd[1]: Starting LVM2 PV scan on device 253:0...
Dec 11 18:08:30 server systemd[1]: Starting Cryptography Setup for md0_crypt...
Dec 11 18:08:30 server systemd-cryptsetup[952]: Volume md0_crypt already active.
Dec 11 18:08:30 server systemd[1]: Activated swap /dev/mapper/vg--primary-swap.
Dec 11 18:08:30 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-tmp.
Dec 11 18:08:30 server lvm[950]: 5 logical volume(s) in volume group "vg-primary" now active
Dec 11 18:08:31 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-home.
Dec 11 18:08:31 server systemd[1]: Started File System Check on /dev/disk/by-uuid/66254139-68eb-4ff1-907f-2ab59e2f44f1.
Dec 11 18:08:31 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-var.
Dec 11 18:08:31 server systemd[1]: Started Cryptography Setup for sda5_crypt.
Dec 11 18:08:31 server systemd[1]: Started LVM2 PV scan on device 253:5.
Dec 11 18:08:31 server systemd[1]: Started LVM2 PV scan on device 253:0.
Dec 11 18:08:31 server systemd[1]: Started Cryptography Setup for md0_crypt.
Dec 11 18:08:31 server systemd[1]: Started File System Check Daemon to report status.
Dec 11 18:08:31 server systemd[1]: Reached target Local Encrypted Volumes.
Dec 11 18:08:31 server systemd[1]: Mounting /var...
Dec 11 18:08:31 server systemd[1]: Mounting /boot...
Dec 11 18:08:31 server kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 18:08:31 server systemd[1]: Mounting /home...
Dec 11 18:08:31 server systemd[1]: Mounting /tmp...
Dec 11 18:08:31 server systemd[1]: Reached target Swap.
Dec 11 18:08:31 server systemd[1]: Mounted /boot.
Dec 11 18:08:31 server systemd[1]: Mounted /var.
Dec 11 18:08:31 server kernel: EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 18:08:31 server kernel: EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 18:08:31 server systemd[1]: Mounted /home.
Dec 11 18:08:31 server systemd[1]: Mounted /tmp.
当我取消注释 中的最后一行时fstab
,我得到(没有提及sdd1_crypt
,但 lvm 安装失败,如预期):
Dec 11 20:13:02 server systemd[1]: Starting Cryptography Setup for md0_crypt...
Dec 11 20:13:02 server systemd-cryptsetup[934]: Volume md0_crypt already active.
Dec 11 20:13:02 server systemd[1]: Started Cryptography Setup for md0_crypt.
Dec 11 20:13:02 server systemd[1]: Reached target Local Encrypted Volumes.
Dec 11 20:13:02 server systemd-fsck[883]: /dev/sda1: clean, 321/61056 files, 51240/243968 blocks
Dec 11 20:13:02 server systemd[1]: Started File System Check on /dev/disk/by-uuid/66254139-68eb-4ff1-907f-2ab59e2f44f1.
Dec 11 20:13:02 server systemd[1]: Mounting /boot...
Dec 11 20:13:02 server systemd-fsck[896]: /dev/mapper/vg--primary-var: clean, 14762/6111232 files, 2194249/24413184 blocks
Dec 11 20:13:02 server systemd-fsck[931]: /dev/mapper/vg--primary-tmp: clean, 15/6111232 files, 530078/24413184 blocks
Dec 11 20:13:02 server systemd-fsck[930]: /dev/mapper/vg--primary-home: clean, 707046/39321600 files, 146447102/157286400 blocks
Dec 11 20:13:03 server systemd[1]: Mounted /boot.
Dec 11 20:13:03 server kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 20:13:03 server systemd-udevd[579]: Process '/usr/sbin/alsactl -E HOME=/run/alsa restore 1' failed with exit code 99.
Dec 11 20:13:03 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-var.
Dec 11 20:13:03 server systemd[1]: Mounting /var...
Dec 11 20:13:03 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-tmp.
Dec 11 20:13:03 server systemd[1]: Mounting /tmp...
Dec 11 20:13:03 server systemd[1]: Started File System Check on /dev/mapper/vg--primary-home.
Dec 11 20:13:03 server systemd[1]: Mounting /home...
Dec 11 20:13:03 server systemd[1]: Mounted /tmp.
Dec 11 20:13:03 server kernel: EXT4-fs (dm-4): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 20:13:03 server kernel: input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:03.0/0000:01:00.1/sound/card2/input5
Dec 11 20:13:03 server kernel: input: HDA NVidia HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:03.0/0000:01:00.1/sound/card2/input6
Dec 11 20:13:03 server kernel: input: HDA NVidia HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:03.0/0000:01:00.1/sound/card2/input7
Dec 11 20:13:03 server kernel: input: HDA NVidia HDMI/DP,pcm=9 as /devices/pci0000:00/0000:00:03.0/0000:01:00.1/sound/card2/input8
Dec 11 20:13:03 server systemd-udevd[569]: Process '/usr/sbin/alsactl -E HOME=/run/alsa restore 2' failed with exit code 99.
Dec 11 20:13:03 server systemd[1]: Mounted /var.
Dec 11 20:13:03 server systemd[1]: Starting Load/Save Random Seed...
Dec 11 20:13:03 server kernel: EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for core, revision 5742...
Dec 11 20:13:03 server systemd[1]: Starting Flush Journal to Persistent Storage...
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for skype, revision 70...
Dec 11 20:13:03 server systemd[1]: Started Read required files in advance.
Dec 11 20:13:03 server systemd[1]: Starting Load/Save RF Kill Switch Status...
Dec 11 20:13:03 server kernel: EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts: (null)
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for skype, revision 68...
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for skype, revision 69...
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for core, revision 6034...
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for anbox-installer, revision 24...
Dec 11 20:13:03 server systemd[1]: Mounting Mount unit for core, revision 5897...
Dec 11 20:13:03 server systemd[1]: Mounted /home.
Dec 11 20:13:03 server systemd-journald[538]: Time spent on flushing to /var is 537.656ms for 1026 entries.
Dec 11 20:13:03 server systemd-journald[538]: System journal (/var/log/journal/3c456b619f154ed49e48efc89fa0e55e) is 3.9G, max 4.0G, 15.8M free.
Dec 11 20:13:07 server kernel: snd_hda_intel 0000:00:1b.0: azx_get_response timeout, switching to polling mode: last cmd=0x300f0000
Dec 11 20:13:07 server kernel: snd_hda_intel 0000:00:1b.0: No response from codec, disabling MSI: last cmd=0x300f0000
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for anbox-installer, revision 24.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for skype, revision 68.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for core, revision 5742.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for core, revision 6034.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for skype, revision 69.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for skype, revision 70.
Dec 11 20:13:03 server systemd[1]: Started Load/Save Random Seed.
Dec 11 20:13:03 server systemd[1]: Mounted Mount unit for core, revision 5897.
Dec 11 20:13:03 server systemd[1]: Started Load/Save RF Kill Switch Status.
Dec 11 20:13:06 server systemd[1]: Started Flush Journal to Persistent Storage.
Dec 11 20:13:07 server kernel: snd_hda_intel 0000:00:1b.0: Codec #3 probe error; disabling it...
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: autoconfig for ALC888: line_outs=4 (0x14/0x15/0x16/0x17/0x0) type:line
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: hp_outs=1 (0x1b/0x0/0x0/0x0/0x0)
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: mono: mono_out=0x0
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: dig-out=0x1e/0x0
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: inputs:
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: Rear Mic=0x18
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: Front Mic=0x19
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: Line=0x1a
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: CD=0x1c
Dec 11 20:13:07 server kernel: snd_hda_codec_realtek hdaudioC0D2: dig-in=0x1f
Dec 11 20:13:07 server kernel: input: HDA Intel MID Rear Mic as /devices/pci0000:00/0000:00:1b.0/sound/card0/input9
Dec 11 20:13:07 server kernel: input: HDA Intel MID Front Mic as /devices/pci0000:00/0000:00:1b.0/sound/card0/input10
Dec 11 20:13:07 server kernel: input: HDA Intel MID Line as /devices/pci0000:00/0000:00:1b.0/sound/card0/input11
Dec 11 20:13:07 server kernel: input: HDA Intel MID Line Out Front as /devices/pci0000:00/0000:00:1b.0/sound/card0/input12
Dec 11 20:13:07 server kernel: input: HDA Intel MID Line Out Surround as /devices/pci0000:00/0000:00:1b.0/sound/card0/input13
Dec 11 20:13:07 server kernel: input: HDA Intel MID Line Out CLFE as /devices/pci0000:00/0000:00:1b.0/sound/card0/input14
Dec 11 20:13:07 server kernel: input: HDA Intel MID Line Out Side as /devices/pci0000:00/0000:00:1b.0/sound/card0/input15
Dec 11 20:14:31 server systemd[1]: dev-mapper-vg\x2d\x2dsecondary\x2dbackups.device: Job dev-mapper-vg\x2d\x2dsecondary\x2dbackups.device/start timed out.
Dec 11 20:14:31 server systemd[1]: Timed out waiting for device dev-mapper-vg\x2d\x2dsecondary\x2dbackups.device.
Dec 11 20:14:31 server systemd[1]: Dependency failed for /backups.
Dec 11 20:14:31 server systemd[1]: Dependency failed for Local File Systems.
Dec 11 20:14:31 server systemd[1]: Dependency failed for Clean up any mess left by 0dns-up.
Dec 11 20:14:31 server systemd[1]: dns-clean.service: Job dns-clean.service/start failed with result 'dependency'.
Dec 11 20:14:31 server systemd[1]: local-fs.target: Job local-fs.target/start failed with result 'dependency'.
Dec 11 20:14:31 server systemd[1]: local-fs.target: Triggering OnFailure= dependencies.
Dec 11 20:14:31 server systemd[1]: backups.mount: Job backups.mount/start failed with result 'dependency'.
Dec 11 20:14:31 server systemd[1]: Dependency failed for File System Check on /dev/mapper/vg--secondary-backups.
Dec 11 20:14:31 server systemd[1]: systemd-fsck@dev-mapper-vg\x2d\x2dsecondary\x2dbackups.service: Job systemd-fsck@dev-mapper-vg\x2d\x2dsecondary\x2dbackups.service/start failed with result 'dependency'.
Dec 11 20:14:31 server systemd[1]: dev-mapper-vg\x2d\x2dsecondary\x2dbackups.device: Job dev-mapper-vg\x2d\x2dsecondary\x2dbackups.device/start failed with result 'timeout'.
Dec 11 20:14:31 server systemd[1]: Starting ebtables ruleset management...
Dec 11 20:14:31 server systemd[1]: Starting Set console font and keymap...
Dec 11 20:14:31 server systemd[1]: Starting Enable support for additional executable binary formats...
Dec 11 20:14:31 server systemd[1]: Closed Syslog Socket.
Dec 11 20:14:31 server systemd[1]: Reached target Printer.
Dec 11 20:14:31 server systemd[1]: Started Stop ureadahead data collection 45s after completed startup.
Dec 11 20:14:31 server systemd[1]: Reached target Login Prompts.
Dec 11 20:14:31 server systemd[1]: Starting Set console scheme...
Dec 11 20:14:31 server systemd[1]: Reached target Timers.
Dec 11 20:14:31 server systemd[1]: Reached target Paths.
Dec 11 20:14:31 server systemd[1]: Starting AppArmor initialization...
答案1
您crypttab
有两个有sda5_crypt
名称的设备。看起来处理在第二个sda5_crypt
条目处停止,因此sdd1_crypt
未解锁。