Nov
29

Mount TrueCrypt drive on boot time under Debian / Ubuntu

By rzelazko  //  Linux  //  11 Comments

There are several ways to mount an encrypted, password-protected TrueCrypt drive at boot time. This article describes how to create a password-protected TrueCrypt drive and mount it at boot time under GNU/Linux.
We will create an init.d script containing the commands that ask for the password, create the mount point and mount the drive.
Requirements:

  • TrueCrypt – download it and install from truecrypt.org site
  • Debian / Ubuntu :)
  • Root privileges (I’m using the sudo command)

First step – create encrypted drive

  1. Method 1: encrypting the drive with the TC GUI: run TrueCrypt from the menu, click on Create Volume, Create volume within partition/drive, Standard TC volume, choose the algorithm, type the password (uncheck the Use keyfiles option), next, next, next, exit :)
  2. Method 2: encrypting drive from command line. TODO

Second step – write init.d script file

Log in as root, download my init.d file and edit it to your needs.

sudo su
cd /tmp
wget -c "http://rafal.zelazko.info/wp-content/uploads/2009/11/29/tc.tgz"
tar -xvzf tc.tgz -C /etc/init.d
cd /etc/init.d/
vim tc

Edit the /etc/init.d/tc file. Find these two constants and set them:

TC_DEVICE="/dev/sda" # type here path to encrypted device
TC_MOUNT_POINT="/media/truecrypt2" # type here mount point

Notice: the above script mounts a standard (not hidden), password-protected device with no keyfiles. To automatically mount another kind of TC volume you must rewrite parts of the script (or ask me, write a comment, etc.).
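
A minimal sketch of what such an init script does, added here as an illustration; it is not the tc script from the download above. It assumes the truecrypt binary is on PATH and a standard, password-only volume; TC_BIN and the tc_* function names are made up for this example.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          tc
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Mount a TrueCrypt volume at boot (illustrative sketch)
### END INIT INFO

# The two constants from the article; each can be overridden from the environment.
TC_DEVICE="${TC_DEVICE:-/dev/sda}"                    # path to encrypted device
TC_MOUNT_POINT="${TC_MOUNT_POINT:-/media/truecrypt2}" # mount point
TC_BIN="${TC_BIN:-truecrypt}"                         # assumption: binary on PATH

# Refuse to continue if the device is missing or the mount point is in use.
tc_preflight() {
    [ -e "$TC_DEVICE" ] || { echo "tc: $TC_DEVICE not found" >&2; return 2; }
    if grep -qsF " $TC_MOUNT_POINT " /proc/mounts; then
        echo "tc: $TC_MOUNT_POINT is already mounted" >&2
        return 3
    fi
    return 0
}

tc_start() {
    tc_preflight || return $?
    mkdir -p "$TC_MOUNT_POINT" || return 4
    # -t: text mode, so the password prompt appears on the console.
    # -k "" and --protect-hidden=no: no keyfiles, standard (not hidden) volume.
    "$TC_BIN" -t -k "" --protect-hidden=no "$TC_DEVICE" "$TC_MOUNT_POINT"
}

tc_stop() {
    "$TC_BIN" -t -d "$TC_DEVICE"   # -d: dismount the volume
}

tc_main() {
    case "$1" in
        start)   tc_start ;;
        stop)    tc_stop ;;
        restart) tc_stop; tc_start ;;
        *)       echo "Usage: tc {start|stop|restart}" >&2; return 1 ;;
    esac
}

# init calls the script with one argument; do nothing when there is none.
[ $# -eq 0 ] || tc_main "$@"
```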

Test init script:

invoke-rc.d tc start # if everything is correct you should be asked for password
ls -la /media/truecrypt2 # type here your mount point (TC_MOUNT_POINT)
# there should be list of files stored on encrypted volume
invoke-rc.d tc stop # umount encrypted device

Third step – add script which mounts encrypted drive to Debian / Ubuntu autorun
Now that everything is correct, you can add your script to the Debian autorun. To do this, simply type the following command.

update-rc.d tc defaults

Reboot your computer; on the next boot there should be a password prompt :)

Other solution

The main Linux distributions, including Debian and Ubuntu, have an alternative to TrueCrypt: LUKS (Linux Unified Key Setup). Maybe later I’ll write an article on how to use it on Debian / Ubuntu…

11 Comments to “Mount TrueCrypt drive on boot time under Debian / Ubuntu”

  • Hello.
    There is a Turkish explanation of TrueCrypt here: http://www.sendetiklat.com/programlar/guvenlik-programlari/gercek-sifreleyici-truecrypt.html
    if anyone needs it.

  • thx, very useful

  • Hello,

    I have installed the script on my Ubuntu 9.10, but the password prompt does not appear… Why?

  • There is a bug in the script and the password prompt works only if usplash is disabled.

  • If the X server starts automatically, the password dialog will not be displayed. Is there any possibility to add a command to proceed without entering a password (I’m using a keyfile for encryption which is located on the encrypted home partition)?

    Thanks in advance
    Endebian

  • Of course there is a possibility. To do this you need to modify this file

    /etc/init.d/tc

    to use keyfiles instead of a password.

  • The modification is done but it needs to push to confirm “no password”. Do you know how to include a bash? My bash skills are very simple and I didn’t find anything similar on the net. Or is there a possibility to disable the password dialog?

    Thanks in advance
    Endebian

  • Setting the tc parameter --password="" disables the password dialog on the console. Now it is possible to mount a tc volume during boot without any password dialog. Ensure that the system partition is also encrypted when using a keyfile only. Thank you very much …

    Endebian

  • Hi, I tried your script; it works fine when started manually, but doesn’t run on bootup (Ubuntu 11.10). No error message is shown. The only thing I changed is line 25:
    truecrypt -t -k "keyfile" --password="" --protect-hidden=no $TC_DEVICE $TC_MOUNT_POINT
    and line 9: # Default-Stop: 0 1 6, because "update-rc.d tc defaults" gave me the following error: "warning: tc stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)"

    Any idea what went wrong?

    Greetings

  • Hi,
    This script was prepared for an old version of Ubuntu. At the moment I can’t check it on the current release. I’m not sure, but I think there will be problems with Plymouth, so try to delete the

    splash

    option from

    /etc/default/grub

    then

    update-grub

    and then it should work – but not for sure.
    Good luck

  • Me stupid… ;-) The keyfile is on a USB stick that might not be mounted at the time the script runs… So now I’m googling for a solution.
    Thanks for the hint!
