Hi guys!
I have a Surface laptop, which I want to use again with a microSD as external storage. Since this can be easily pulled off from the laptop, I want it to be encrypted. This was encrypted before, but eventually the SD failed, and I’m trying to recreate what I had…without much success.
Steps so far… Create the LUKS volume:
cryptsetup luksFormat /dev/sda
Format in ext4 (I believe it was in Exfat with the old SD?):
#cryptsetup open /dev/sda encrypted
#mkfs.ext4 /dev/mapper/encrypted
That should do it regarding the volume creation. Now comes what I can’t quite get working. I created a pw txt file within my home folder:
/home/user/EncryptedSD.txt
Then I refer to this via /etc/crypttab at boot:
encrypted /dev/sda /home/user/EncryptedSD.txt
And my /etc/fstab should attempt to mount this on the spot:
/dev/mapper/encrypted /media/SDCard ext4 auto,nofail,rw
However, as this is set, I’m being prompted halfway through boot for the password. And I can’t type anything onto that field. Not that it matters, as it’s a really long randomly generated password, no way I could remember it.
Even if I managed to make it go through boot, I’m still prompted for mounting the drive when I clicked on it, and I’m also prompted for the password, so clearly something’s not quite there yet. Any ideas? I intend to sync a series of network folders to this drive, so not being ready can make it a bit messier to sync at boot.
Thanks!
Just partly related, and probably no help here - but about the fact, that you can’t type in that password (regardless whether you can remember it or not):
you probably use a bluetooth keyboard on that surface? Before boot is finished, bluetooth connection is not possible, so you need some sort of USB/serial keyboard to even type.
Had this issue when full disk encrypting a surface, because without usb (or the original serial) keyboard your stuck in the luks mount process during boot…
Nope. Full on original surface keyboard. Works on BIOS, works on Grub…and then on that specific step, no input is reflected on the screen. No keys being typed, no failed login message being shown, nothing reacts.
Ok, typing in the password but not seeing any characters (like * e.g.) is quite common. It prevents shoulder surfers from seeing the acual length of you password.
That means, that its still possible, that you keyboard is actually working there.
Are you using a layout different from US-ANSI ? Sometimes devices fall back to US layout during boot, which would lead to you typing in a “wrong” password, without noticing it. Especially special characters have different keys on different layouts. On german layout e.g. “y” and “z” are “swapped”.
Yes, I understand all this but…If I got the wrong password, I should, A) get some feedback that I have clicked Enter and attempted a login, and B) get feedback that my attempt failed, right? All I get is a frozen screen unresponsive to any input at all.
Yes, sorry for missunderstanding !