I’ve managed to do all of the first step, but now when I do sudo cryptsetup luksAddKey /dev/nvme0n1 /crypto_keyfile.bin I get the following error message (after entering my password): Failed to open key file.
This is the right password, because when I enter a wrong one I get this error: No key available with this passphrase.
But I handled the first disk (encrypted too) via the eos installer, and when I boot, everything works for this disk.
So I don’t understand why the /crypto_keyfile.bin doesn’t exist. Plus, the path for the keyfile in /etc/crypttab is the same.
OK, and I need a keyfile because the second drive is loaded after systemd-boot, is that right?
Sorry for all the questions, but I want to understand fully what I have to do and how it works ^^
So for creating a key, I need to do: sudo dd if=/dev/urandom of=/container-key bs=512 count=8, then I need to rerun sudo cryptsetup luksAddKey /dev/nvme0n1 /container-key?
Finally I try to unlock and mount the drive at boot time:
With lsblk -f I get my UUID.
I add this line to /etc/crypttab: samus UUID=1234 none timeout=180. Here I understand that the none is for forcing a password prompt to appear and the timeout is for the prompt itself (and not for systemd).
I add this line to /etc/fstab: /dev/mapper/samus /home/a2n/samus ext4 defaults 0 0
Then I reboot.
The result so far is: at boot I’m asked for the two password prompts for my main disk (nvme0n1), but there is no prompt at all for the second drive (nvme1n1), and if I open the mount point I have the right drive mounted, but with root access only.
What can I do (or what have I done wrong) to get my disk mounted with non-root access? And why is the password not prompted for?
The password is the same across the two disks, but normally it’s only passed if the timeout option is set to none, no (**)?
** If I understand correctly the tip in the wiki: “If a device in crypttab uses a previously entered password, the third parameter can be set to none and the cached password will be automatically used.”