I just set up a new installation of EOS on a laptop with one SSD. I gave it 5 partitions and one of this partitions is encrypted with LUKS.
I want this partition to be encrypted all the time UNTIL I want to access it. (What I mean is when I click it in Dolphin it asks for the passphrase then gets decrypted and mounted).
But I didn’t get this kind of behavior after installation. Instead the system asks for the passphrase at startup and mounting/accessing the partition just asks for the user password because the partition is already decrypted.
Is there any way to achive what I want? Or is LUKS designed to always decrypt everything on startup?
Well, will check again tomorrow. But I’m 99% sure it said “/”
edit: Wait, something’s fishy here…just 2 entries and one is boot…but the system partition has to be in fstab, hasn’t it?
Well, anyway, have to wait 'til tomorrow
So, I checked the fstab again and ofc @dalto was right…the LUKS partition wasn’t in there, just boot & system. (Seems like I was in the wrong column when checking the UUIDs)
Anyway, googling (or duckduckgoing ) didn’t provide much for on demand encryption of LUKS partitions and since I don’t have much free time atm I decided to reinstall again without encryption and use Veracrypt later.
Thx to everybody willing to help!
BTW: Installing EOS with the online installer is so easy and quick, it’s incredible!
I still think we could have provided a quick and simple solution if you’d provided some of the asked for information. I even bet you could have solved your problem by simply adding a “#”.
I really didn’t get the impression that there’s a quick and easy solution. Also, unmounting the LUKS partition didn’t encrypt it, I could simply remount it with a single mouseclick. So I would have to find a solution for this also.
And installing EOS is really quick, takes less than 10 minutes and that already includes converting GiB to MiB so I get the partition sizes right
Anyway, thx again for trying to help but I really think that Verycrypt suits this usecase better than LUKS. I would always choose LUKS for FDE though.
But a prerequisite for autofs is that the server has the partition mounted and shared via nfs or samba.
I do not see that your use case is supported anywhere.
EDIT:
Have you considered veracrypt instead of LUKS? veracrypt is on file level. It will allow you to mount the unencrypted partiton but it will not allow access to encrypted folders until you unlock them.
OK, almost done with everything and almost everything works…but ofc there’s a new problem Don’t get me wrong, I really like Linux but sometimes it just drives me nuts
Anyway, this doesn’t seem to be a huge problem and I’m confident there’s a simple solution. Therefore I thought it’s not worth to create a new thread for this.
So, everything was working until I set up automount for 2 partitions and explicitly disabled mount on boot for the drive that gets encrypted. This worked fine and after a restart all the drives I wanted were mounted. So far, so good. Next I installed plasma-wayland-session and, after a restart, switched to Wayland. And since then, after every (re)boot, as soon as I get to the desktop udisks seems to trigger the partition and I get a password prompt to mount the partition. Why this just happens on Wayland is beyond me. Anyway, how do I get udisks to not trigger the partition after booting? Any ideas anyone?