Auto-mount encrypted partitions at boot

Mounting encrypted partitions manually can be annoying. This post will show you how to mount encrypted partitions at boot automatically.

This post is connected to the previous post, where you learned how to encrypt your hard drive in Linux with LUKS. In this post, you will learn how to mount encrypted partitions at boot automatically.

You can watch the video tutorial or continue reading below.

Set up auto-mount at boot

First, check the name of your encrypted partition.

lsblk

In this example, my encrypted partition is sdb1, depending on the configuration of your system, this name may be different

Next, obtain the UUID of the encrypted device.

sudo cryptsetup luksUUID /dev/sdb1

Now, edit /etc/crypttab:

sudo nano /etc/crypttab

By adding this line:

sdb1 /dev/disk/by-uuid/<UUID of block device> none luks

The format of the entry in /etc/crypttab is as follows.

• sdb1 is the name of the encrypted device.
• fd3c01ad-0e59-4bc1-9bda-7c61e00b36cf is the UUID we have just got.
• none means we do not use any key file and the system will ask your encryption password to decrypt the partition. So, you can also use a key file here, if your system partition is encrypted already. I personally do not encrypt my system partition and I assume most users also do not encrypt it. So, just use none here.
• luks is the disk encryption specification.

Ctrl+O to save the changes. And Ctrl+X to exit from nano editor.

Finally, create a folder where you want to mount your encrypted partition.

sudo mkdir /mnt/encrypted_sdb1

Then, edit /etc/fstab file.

sudo nano /etc/fstab

Next, add the following to add this mount point:

/dev/mapper/sdb1 /mnt/encrypted_sdb1 ext4

Let’s explain the entry:

• sdb1 is the encrypted device. If your device name different, replace sdb1.
• encrypted_sdb1 is the mounting point we have just created.

Ctrl+O to save the changes. And Ctrl+X to exit from nano editor.

Then, reboot your system.

Test the mounting during boot

Next, you will have to type a decryption password during the system boot.

After you enter it, the encrypted partition should be auto-mounted.

If I open the file manager and navigate to the place where I specified the mounting point, you will see the encrypted partition has been mounted automatically.

There are the two files we created during the encryption described in the previous post.

Now, you know how to mount encrypted partitions at boot.

Conclusion

This way to mount encrypted partitions at boot works only for LUKS encryption. If you use any other encryption method, auto-mounting settings may differ. So, I recommend using LUKS encryption that I showed in this previous post. Read it if you missed it.

You can also read 10 things to do after installing KDE Neon.