Mount luks encrypted SD-Card automatically

Is there a way I can mount the Luks encrypted SD-Card automatically after reboot?
I was reading about fstab but not sure if this applies also to luks partitions on a cellphone.

2 Likes

Definitely not fstab, and using systemd’s crypt services may not be the answer either as Sailfish expects it to be mounted by the user via udisks2.
I couldn’t find an easy way myself, but happy to try again if anybody has a good strategy.

1 Like

@olf made a package for this, but unfortunately it doesn’t work on sfos 4.2
For more info:
https://openrepos.net/node/10496

3 Likes

Changes in SailfishOS 4 broke crypto-sdcard in (at least) three ways. Two breakages have been fixed, for the third one I have an idea what could be the cause.

But In became tired of this, because there seem to be only about 5 users of crypto-sdcard and such breakages are regularly happening lately with new SailfishOS releases (that was not the case with SailfishOS 2.x and early 3.x releases).
As long as I see no incentive to upgrade my “production-phone” to SailfishOS 4.x (there are too many things broken for me), I rather care about things which are more fun (e.g., Patchmanager).

But I can assure you, that crypto-sdcard is (still) designed correctly (i.e., there is no easier, proper way of achieving this, even though it may seem complicated on first sight) and I am sure willing to review and integrate contributions.

BTW, years ago Jolla stated they have auto-mounting encrypted (partitions on) SD-card on their ToDo list and to me the manual mounting was only an intermediate step to achieve this (IMO manual mounting is useless), but … it is Jolla.
They also have the ability to use their mechanisms to unlock and mount the encrypted home partition using a user-supplied passphrase (which is a proper solution); but this code is proprietary, so crypto-sdcard cannot use these mechanisms. Only with a self-compiled SailfishOS (i.e., a “community port”) one can change these things for the better by completely re-designing and re-writing this functionality, as rinigus did.

So either wait for Jolla to provide a solution or contribute a fix for crypto-sdcard on SailfishOS 4.

3 Likes

Only 5 downloads? I propose a name change for crypto-sdcard | OpenRepos.net — Community Repository System into SDCard LUKS Automounter or similar as through online search I never found the tool.

I wish I could help fix the issue but I lack some knowledge. What I could do is make a donation to your favourite charity in your name when you complete the new release :blush:

Only 5 downloads?

No, this is not what I wrote. Please read more thoroughly. BTW, it has a few hundred downloads.

I propose a name change for crypto-sdcard | OpenRepos.net — Community Repository System into SDCard LUKS Automounter or similar as through online search I never found the tool.

Please improve your skills using common internet search machines, then: For the search terms “sailfish os sd card encryption” and similar ones, it is always among the first five hits.

I wish I could help fix the issue but I lack some knowledge.

Well, one’s knowledge is something one can improve by learning and doing. :wink:

But In became tired of this, […]
So either wait for Jolla to provide a solution or contribute a fix for crypto-sdcard on SailfishOS 4.

What I could do is make a donation to your favourite charity in your name when you complete the new release :blush:

LOL. :stuck_out_tongue_winking_eye:

I have a systemd unit to do this if you’re interested. It’s DIY though and used on SFOS 4.1.

ThenI would be the 6th user. But unfortunately for this case, I am on SFOS 4.4.0.64.
I am tinkering an entire /home auto-backup thing on an encrypted uSD card.

So what’s the best way now to auto-mount an encrypted uSD at boot now?
A system service launching a terminal who asks for a password?
Just a notification to remind the user doing it manually?

“show me what you gooot”

1 Like

a systemd-userunit triggering cryptsetup with a keyfile from within an encrypted user-home plus a triggred sudo-cmd to remount the sd would be sufficient, i guess

1 Like

I sidestepped udev completely and created a semi-flexible solution involving two systemd services:

To whom it may concern.

2 Likes