On 24/12/2018 10:02, cristiano prato wrote: > Hello, I am using dm-crypt to decrypt a veracrypt partition which > hosts an outer volume and an inner volume. Typically, when I decrypt > them at runtime using the veracrypt command line, either the outer or > the inner volume gets decrypted depending on the inserted password. > But it seems to me that using the crypttab file I have to explicitly > use the tcrypt-veracrypt option to decrypt the outer volume, or the > tcrypt-hidden option to decrypt the inner volume, and there is no way > to dynamically choose between them using the associated password. Am > I right? Is there another way to automatically mount the desired > volume at boot? Yes, you are right. There is no automatic selection of encrypted area according to passphrase. You can probably implement an initramfs script that will do this for you though (just try to unlock it with different switches). (Crypttab options are not handled by cryptsetup but systemd-cryptsetup; anyway, crypttab options usually directly map to libcryptsetup options.) It is probably not so complicated to implement it internally but it unlocking can take very long time (Veractypt uses very high iteration counts), this option would double it (for unsuccessful attempt). When I implemented tcrypt support, TrueCrypt/VeraCrypt compatibility was meant just as an alternative format compatibility option, few things were simplified to fit cryptsetup CLI. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
