
I installed Ubuntu 16.04 LTS and chose to do full disk encryption as well as home dir encryption.

At startup, I'm asked "Please unlock disk sda3_crypt" and I have to manually enter the disk decryption password.

Is there a way to auto-mount this, i.e. by specifying the password in the boot script somewhere? (not sure about the right terminology for this) I understand this would nullify any security.

Also, is it possible to retrieve the password from a remote URL, and use that to unlock the disk and continue booting automatically?

Note that I don't want to fully disable disk encryption. I wish to keep the option to re-enable it in the future. Furthermore, the option to retrieve the password remotely (if that's possible) would allow for other possibilities, such as enabling/disabling it remotely, or preventing someone who steals the disk or machine from accessing it from somewhere else.

  • The linked question above contains an answer suggesting exactly what you seem to want, running a tiny script that contains the plain text password and supplies it at boot automatically. Security-wise it's like disabling the encryption completely, but it saves you the time to reinstall or migrate your system to an unencrypted drive. – Byte Commander Nov 24 '17 at 14:53
  • @user535733 No, I wish to keep the possibility to re-enable full disk encryption in the future. Also, if I can somehow modify the script to retrieve the password from a remote URL (instead of including the password explicitly) I can essentially enable or disable the auto-decryption remotely. Or I could even make this remote URL work only for my fixed IP, so if the machine or disk gets stolen, someone can't access the data. – RocketNuts Nov 24 '17 at 15:47
  • Well, I thought that's why I'd explicitly ask to "auto decrypt on startup" and not just "disable". But I've added an extra paragraph about this. – RocketNuts Nov 24 '17 at 16:23
  • @ByteCommander Thanks, that looked promising. However I tried the approach from the comments that was specifically for 16.04.3 (which I also have) and upon rebooting I now get some kind of kernel panic error dump, and it stops completely (no interaction or option to do anything). Also tried booting in recovery mode, same. Did I just destroy my installation? – RocketNuts Nov 24 '17 at 16:49
  • What exactly did you do? Please give as much information as possible, like a screenshot from the kernel panic and what files you edited and their current content etc. Either [edit] your current question to include everything and describe the new situation, or even better, post a new follow-up question with a link back to this here. I can then have a look if you notify me with another comment. – Byte Commander Nov 24 '17 at 18:13
  • @ByteCommander Have posted the new issue as a new question, thanks in advance if you have any insights – RocketNuts Nov 25 '17 at 01:23
