On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
I am setting up an external USB encrypted drive. I can mount it manually after I boot the computer. I understand that I must issue the 'cryptsetup luksClose' after I umount the disk. How do I arrange for this as part of the Debian halt process so it happens automatically when the server is shutdown?
It is not cryptsetup job, it should be part of initscripts/systemd to correctly unmap active devices on shutdown. (Usually it tries to unmap all crypto disks except device with root fs which is just remounted read-only. Recent systemd is able to unmouteven root device properly.) For hot-plugged disks it is usually handled by some GUI service, usually based on udisks.
What happens if there is a power failure and 'cryptsetup luksClose' was not executed?
For LUKS, no need to worry after power failure - luksClose just remove kernel mapping (kernel state) it doesn't touch on-disk metadata at all. (Of course there can be some filesystem damage after power failure, but that's not LUKS related, it can happen even for unencrypted fs.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
