Automatically Mount Encrypted Data Partitions

So I’ve recently decided to give myself an encrypted partition /ssd-backup where I can safely back up my OS. If I brick the system it’s easily accessible and the backup process is super quick off the hard drive.

I ran into an issue where the system wouldn’t be able to mount it as it boots and I was met with the following error:

[  TIME  ] Timed out waiting for device /dev/disk/by-label/backup
[DEPEND] Dependency failed for /ssd-backup
[DEPEND] Dependency failed for Local File Systems

I’d checked /dev/disk/by-label and there was no device labelled backup. I changed /etc/fstab to mount off the device ID instead, nothing worked. I settled for deleting the entry off /etc/fstab and it boots fine! Then I just have to mount once the system is booted. It ain’t broke so no need to fix it, but I think the issue was due to the encryption on the drive.

My issue is that I’m looking to make an encrypted swap partition so I can hibernate the system. This is more of an issue, as I’ll need that partition to mount successfully on every boot in order to restore the session.

So my question is, how do I set this up in /etc/fstab (or elsewhere) so it mounts and decrypts a LUKS encrypted drive on startup? While I’m at it, I may as well try to fix the backup partition so this auto-mounts as well, although this is non-essential.

Thanks for any help!

There are a few different ways to label disks, see fstab - ArchWiki. Please post your current /etc/fstab.

There is currently no entry for the backup partition:

# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=DE0D-CC70                                          /boot/efi     vfat   umask=0077   0 2
/dev/mapper/luks-8a642ee6-37cd-43f6-b264-c70d8f3b6c30   /             ext4   noatime      0 1
/swapfile none swap defaults 0 0

The partitions relevant here are nvme0n1p3 & nvme0n1p4

lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1                                       259:0    0 238.5G  0 disk  
├─nvme0n1p1                                   259:1    0   680M  0 part  /boot/efi
├─nvme0n1p2                                   259:2    0 123.2G  0 part  
│ └─luks-8a642ee6-37cd-43f6-b264-c70d8f3b6c30 254:0    0 123.2G  0 crypt /
├─nvme0n1p3                                   259:3    0    40G  0 part  
│ └─luks-8612b20c-f954-49c8-b1b0-f46501977bba 254:1    0    40G  0 crypt /run/media/user/ssd-backup
└─nvme0n1p4                                   259:4    0    10G  0 part  
  └─luks-da18232b-98a7-43a1-b660-d2081653614f 254:2    0    10G  0 crypt /run/media/user/swap

I labeled my 1TB NVMe (nvme1n1) and my external 4TB drive (sda) storage and storage2 respectively. They are both mounted at startup.

❯ cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>

UUID=CB4E-6A9A	/boot/efi	vfat	umask=0077	0	2
tmpfs	/tmp	tmpfs	defaults,noatime,mode=1777	0	0
UUID=cf70171e-27dd-43ec-a0b7-52a1fa96be2a	/	ext4	defaults,noatime	0	1
UUID=85a89d43-2850-40ae-aa34-e888e6bd054e       /home   ext4 defaults 0 0
LABEL=storage /mnt/storage auto nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=storage 0 0
LABEL=storage2 /mnt/storage2 auto nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=storage2 0 0
/swapfile none swap defaults 0 0
❯ lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda           8:0    0   3.6T  0 disk 
└─sda1        8:1    0   3.6T  0 part /mnt/storage2
nvme0n1     259:0    0   1.8T  0 disk 
├─nvme0n1p1 259:1    0   500G  0 part /
├─nvme0n1p2 259:2    0   1.3T  0 part /home
└─nvme0n1p3 259:3    0   513M  0 part /boot/efi
nvme1n1     259:4    0 931.5G  0 disk 
└─nvme1n1p6 259:5    0 931.5G  0 part /mnt/storage

I couldn’t quite see what you’d done there but have found a guide that mounts encrypted drives on boot. It edits /etc/fstab to refer to /etc/crypttab and I had to generate an encryption key file to unlock the LUKS drive.

I have it working on the backup partition but it seems encrypted swap partitions have their own complications.
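
The fstab/crypttab relationship described in the post above, as an added example that is not part of the thread: a shell check, run before rebooting, that every /dev/mapper entry in fstab has a crypttab line to unlock it and carries nofail. The key file path, the ext4 type for /ssd-backup, and the assumption that the luks-<UUID> mapper names from lsblk reuse the LUKS container UUID are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check an fstab against a crypttab.
# Usage: check_crypt_mounts FSTAB CRYPTTAB
# Prints one line per problem, nothing when all is consistent.
# "/" is skipped on the assumption that root is unlocked in the initramfs.
check_crypt_mounts() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
        pass == 1 { unlocked[$1] = 1; next }     # crypttab: remember mapping names
        $1 ~ /^\/dev\/mapper\// && $2 != "/" {   # fstab: mapper-backed mounts
            name = $1; sub(/^\/dev\/mapper\//, "", name)
            if (!(name in unlocked))
                # nothing unlocks it at boot, so the device never appears
                print "no-crypttab-entry", name, $2
            else if (("," $4 ",") !~ /,nofail,/)
                # a failed unlock would take Local File Systems down with it
                print "missing-nofail", name, $2
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files modelled on the fstab and lsblk output in the thread.
demo() {
    dir=$(mktemp -d)
    # crypttab columns: <name> <device> <key file> <options>
    # /etc/keys/backup.key is a placeholder path, not from the thread.
    cat > "$dir/crypttab" <<'EOF'
# <name>  <device>  <key file>  <options>
luks-8612b20c-f954-49c8-b1b0-f46501977bba  UUID=8612b20c-f954-49c8-b1b0-f46501977bba  /etc/keys/backup.key  luks
EOF
    # The backup line assumes ext4; the swap line has no crypttab entry yet.
    cat > "$dir/fstab" <<'EOF'
UUID=DE0D-CC70  /boot/efi  vfat  umask=0077  0 2
/dev/mapper/luks-8a642ee6-37cd-43f6-b264-c70d8f3b6c30  /  ext4  noatime  0 1
/dev/mapper/luks-8612b20c-f954-49c8-b1b0-f46501977bba  /ssd-backup  ext4  noatime  0 2
/dev/mapper/luks-da18232b-98a7-43a1-b660-d2081653614f  none  swap  defaults  0 0
EOF
    check_crypt_mounts "$dir/fstab" "$dir/crypttab"
    rm -rf "$dir"
}

demo
```

On a real system, point it at the live files with `check_crypt_mounts /etc/fstab /etc/crypttab`.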

I don’t use encryption, so I can’t be of help there.

https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Mounting_at_boot_time

Man! Am I glad to find out I’m not the only one! I was starting to feel like a freak with my unencrypted storage here! Was worrying someone would break into my house, open my PC, take out my drives, open them and read all my unencrypted stuff!