I'm having an intermittent issue on boot where some hard drives don't decrypt using the specified key file and I'm prompted for that drive's key on boot.
To dive a bit deeper, I'm running Ubuntu 22.04.1 LTS, and I have a number of drives encrypted using LUKS. My main drive prompts me for a decryption key on boot, and using /etc/fstab and /etc/crypttab, all the other drives should decrypt and auto-mount (drives are named for their serial numbers, which I've obscured below for privacy). Sometimes that happens just fine, and other times, I'm prompted for one or more keys despite a key file being specified.
For reference, I've included /etc/fstab below (apologies for the wacky columns):
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/vgubuntu-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda3 during installation
UUID=df8de6d7-9bd0-42d9-8dee-5b6121cf16d6 /boot ext4 defaults 0 2
# /boot/efi was on /dev/sda2 during installation
UUID=E98A-F4C3 /boot/efi vfat umask=0077 0 1
/dev/mapper/vgubuntu-swap_1 none swap sw 0 0
/dev/mapper/sdb1 /mnt/002-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdc1 /mnt/003-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdd1 /mnt/004-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sde1 /mnt/005-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdf1 /mnt/006-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdg1 /mnt/007-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdh1 /mnt/008-{{HDD Serial - obscured}} ext4 defaults 0 2
/dev/mapper/sdi1 /mnt/009-{{HDD Serial - obscured}} ext4 defaults 0 2
Also, here's my /etc/crypttab file:
sda4_crypt UUID=311d4c74-cc13-4672-b0e1-f406491e89fa none luks,discard
sdb1 /dev/sdb1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdc1 /dev/sdc1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdd1 /dev/sdd1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sde1 /dev/sde1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdf1 /dev/sdf1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdg1 /dev/sdg1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdh1 /dev/sdh1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
sdi1 /dev/sdi1 /root/device-encryption-keys/{{HDD Serial - obscured}} luks
And finally, since someone will likely ask, root has access to the key files.
sudo ls -la /root/device-encryption-keys
total 40
drwxr-xr-x 2 root root 4096 Nov 6 20:34 .
drwx------ 6 root root 4096 Nov 15 19:16 ..
-r-------- 1 root root 77 Nov 6 19:36 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Oct 31 22:30 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 2 10:43 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 6 19:43 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 6 19:41 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 6 19:35 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 6 19:38 {{HDD Serial - obscured}}
-r-------- 1 root root 77 Nov 6 19:32 {{HDD Serial - obscured}}
Help and suggestions are appreciated!
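The fstab header comment quoted above notes that UUID= is a more robust way to name devices than kernel names. The following is an added example, not part of the original post: a small linter that parses crypttab entries in the format shown, flags sources given as kernel-assigned names such as /dev/sdb1 (a key file paired with such a name is applied to whichever disk received that name on a given boot), and rewrites them to UUID= from a caller-supplied mapping. The sample entries, key paths and UUIDs are constructed; real UUIDs would come from `blkid`.

```python
import re

# Kernel-assigned block device names; which disk gets which name depends on probe order.
KERNEL_NAME = re.compile(r"^/dev/(?:[shv]d[a-z]+\d*|nvme\d+n\d+(?:p\d+)?)$")

def parse_crypttab(text):
    """Return (line_no, name, source, keyfile) for each non-comment entry."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyfile = fields[2] if len(fields) > 2 else "none"
        entries.append((no, fields[0], fields[1], keyfile))
    return entries

def lint(text):
    """Flag entries whose source is a kernel name; last field says if a key file is set."""
    return [(no, name, source, keyfile not in ("none", "-"))
            for no, name, source, keyfile in parse_crypttab(text)
            if KERNEL_NAME.match(source)]

def rewrite(text, uuid_by_dev):
    """Replace kernel names with UUID=<uuid> where the caller supplies a mapping."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#") and fields[1] in uuid_by_dev:
            fields[1] = "UUID=" + uuid_by_dev[fields[1]]
            line = " ".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample in the same shape as the crypttab in the post.
SAMPLE = """\
# <target name> <source device> <key file> <options>
root_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard
data1 /dev/sdb1 /root/keys/SERIAL-A luks
data2 /dev/disk/by-id/ata-EXAMPLE-part1 /root/keys/SERIAL-B luks
data3 /dev/nvme0n1p2 none luks
"""
# Constructed mapping; on a real system take the values from blkid output.
SAMPLE_UUIDS = {"/dev/sdb1": "11111111-1111-1111-1111-111111111111"}

if __name__ == "__main__":
    for no, name, source, has_key in lint(SAMPLE):
        print(f"line {no}: {name} uses {source} (key file set: {has_key})")
    print(rewrite(SAMPLE, SAMPLE_UUIDS), end="")
```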