Attempting to improve laptop security using luks encrypted home partition. Summary: root is a non-starter - /home can be made to work via custom rc.local but not cleanly using /etc/crypttab. Details: Been struggling with this - sure could use some help. After much reading and fiddlingI gave up trying to get fedora working with luks dm-crypted root as it seems there are limitations with mkinitrd or something. Instead I have swap (which does work aside from a resume error on boot) and encrytped /home which is a problem and is not working quite right. I cannot get machine to boot correctly and mount /home using the standard /etc/crypttab /etc/fstab files. If anyone can help I'd be very grateful - I know this should work - a friend with ubuntu has root encrypted and it runs no prob - so I just need help with the fedora magic. Here's what is going on. I created luks encrypted /home - put info in /etc/crypttab. Set fstab to now mount /dev/mapper/XX onto /home. Hand mounts all work fine. So far so good. Now try booting. First problem was if fstab has fsck on - then on booting the /etc/crypttab triggers a pass-phrase request - which appears to work (small yay) - next fsck fails with bad superblock error. I suspect the fsck is done on /dev/sdaX instead of /dev/mapper/xx. Obvisously this cannot work. Q) what needs changing to fix this? I edited fstab to skip any fsck - now boot proceeds further - then it says re-mounting read write - now it prompts for pass phrase a second time (bug?). That seems to fail anyway in that /dev/mapper/xx is not created and thus the mount fails. Boot proceeds ok - but ends with no /dev/mapper/xx and /home cannot be mounted. Presumbaly a) I did something wrong (most likely?) b) fedora tools are just not ready encrytion (seems so in part) Possible things to look at: rc.sysinit, mkinitrd c) other. Given the importance of laptop security these days I do so hope this can be made to work smoothly and so would very much appreciate some help. Since I cannot get even a non-root to boot smoothly - I have a ways to go before attempting encrypted root - seems debian based distros may be ahead of us in this regard. For those interested - my work around - is to remove the /etc/crypttab file - change fstab to noauto for /home and create a custom script which does the crypto by hand - then run it out of rc.local. This gets me going but I know there is a "proper" way to do this. I just dont know what it is! If anyone is interested in all the details I can share. thanks. g/ -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list