cryptdisks_start
Unlock encrypted block devices
SYNOPSIS
cryptdisks_start device_mapper_name | all
PARAMETERS
device_mapper_name
The device mapper name (alias) to start, as defined in `/etc/crypttab`.
all
Starts all devices listed in `/etc/crypttab`.
DESCRIPTION
The `cryptdisks_start` command is a crucial utility in Linux systems for activating and mapping Logical Volume Management (LVM) partitions encrypted using Linux Unified Key Setup (LUKS). It's commonly used during the boot process or when manually mounting encrypted storage.
The command reads its configuration (typically `/etc/crypttab`) to determine which LUKS partitions to unlock and how to map them to device mapper names. It prompts for a passphrase when one is needed, decrypts the volume, and creates a device mapper entry, making the underlying logical volume accessible. The newly created device-mapper entry (e.g., `/dev/mapper/my_encrypted_volume`) can then be mounted as a regular file system.
Essentially, `cryptdisks_start` automates the process of unlocking LUKS volumes based on predefined configurations, which is particularly useful for maintaining encrypted root file systems and other critical data.
CAVEATS
Ensure the `/etc/crypttab` file is correctly configured; otherwise, the command may fail to unlock and map the encrypted volumes.
Incorrect entries can cause boot failures. Secure boot configuration may interfere with the passphrase prompt. Verify that the `dm-crypt` kernel module is loaded.
The command relies on properly configured device-mapper functionality.
CONFIGURATION FILE
The `/etc/crypttab` file defines the encrypted volumes to be managed. Each line represents a volume with fields for the device mapper name, the UUID or device path of the LUKS partition, and options for unlocking it.
Example line: `my_encrypted_volume UUID=12345678-1234-1234-1234-1234567890ab none luks`
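Because incorrect entries can cause boot failures, it helps to lint the file before running `cryptdisks_start`. The script below is an added example, not part of the original page or of the cryptsetup package. The function name `check_crypttab`, the rule that every entry has exactly four fields as in the example line (name, source, key file, options), and the key file permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a crypttab-style file before calling cryptdisks_start.
# check_crypttab FILE prints one line per problem; returns 1 if any was found.
check_crypttab() {
    file=$1; bad=0; seen=' '; n=0
    while read -r name src key opts extra || [ -n "$name" ]; do
        n=$((n + 1))
        case $name in ''|'#'*) continue ;; esac          # blank line or comment
        # Assumption of this example: exactly four fields, as in the page's example line.
        if [ -z "$opts" ] || [ -n "$extra" ]; then
            echo "line $n: expected 4 fields (name, source, key file, options)"
            bad=1; continue
        fi
        case $name in */*) echo "line $n: mapper name '$name' contains '/'"; bad=1 ;; esac
        case $seen in *" $name "*) echo "line $n: duplicate mapper name '$name'"; bad=1 ;; esac
        seen="$seen$name "
        case $src in
            UUID=*)  # a LUKS UUID is 8-4-4-4-12 hex digits
                printf '%s\n' "${src#UUID=}" |
                    grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
                    { echo "line $n: malformed UUID '${src#UUID=}'"; bad=1; } ;;
            /*|LABEL=*|PARTUUID=*|PARTLABEL=*) ;;        # other source forms from crypttab(5)
            *) echo "line $n: source '$src' is not UUID=... or an absolute path"; bad=1 ;;
        esac
        case ",$opts," in *,keyscript=*) continue ;; esac # key field is script input, not a path
        case $key in
            none|-) ;;                                    # passphrase is prompted for
            /*)  # a regular key file must not be accessible to group or others
                if [ -f "$key" ] && [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
                    echo "line $n: key file '$key' is accessible to group/others"; bad=1
                fi ;;
            *) echo "line $n: key file '$key' is not 'none' or an absolute path"; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Constructed sample (not from a real system): one good entry, three bad ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <target name> <source device> <key file> <options>
my_encrypted_volume UUID=12345678-1234-1234-1234-1234567890ab none luks
backup UUID=1234-5678 none luks
my_encrypted_volume /dev/sdb1 none luks
scratch sdc1 none
EOF
check_crypttab "$sample" || echo "fix the entries above before running cryptdisks_start"
rm -f "$sample"
```

On a real system, run it as `check_crypttab /etc/crypttab` with enough privilege to stat the key files.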
BOOT PROCESS
This command is often integrated into the boot process via init scripts or systemd units. This is particularly relevant for systems with encrypted root filesystems. In these cases, the command needs to run before the root filesystem is mounted, requiring early userspace configuration.
EXIT CODES
The command returns an exit code indicating success (0) or failure (non-zero). Check `errno.h` for specific error codes related to failures in device mapping or unlocking processes. Check system logs using `journalctl` if the command fails.
HISTORY
The `cryptdisks_start` command evolved as part of the broader development of LUKS and device mapper technologies in Linux.
It was designed to simplify and automate the unlocking of encrypted partitions, a process that initially required manual `cryptsetup` calls and device mapper management. The adoption of systemd has largely replaced the traditional init scripts in which it was often used. `cryptdisks_start` is still relevant for system administrators or those needing specific control over the LUKS unlocking process outside of systemd's automated processes.
SEE ALSO
cryptdisks_stop(8), cryptsetup(8), crypttab(5)