Encrypted partition gets auto mounted during boot - why?

Hi,

using the partitionioner in Yast, I have created an (internal), encrypted partition sda1 with XFS on my SSD.
Even though I ticked to box “Do not mount on boot up” this partition gets auto mounted on boot up nonetheless.

Here is my fstab:

UUID=2057aa1a-c2d2-4ba2-b859-e7035ac5d28d swap swap defaults 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 / btrfs defaults 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /boot/grub2/i386-pc btrfs subvol=@/boot/grub2/i386-pc 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /boot/grub2/x86_64-efi btrfs subvol=@/boot/grub2/x86_64-efi 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /opt btrfs subvol=@/opt 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /srv btrfs subvol=@/srv 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /tmp btrfs subvol=@/tmp 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /usr/local btrfs subvol=@/usr/local 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/cache btrfs subvol=@/var/cache 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/crash btrfs subvol=@/var/crash 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/libvirt/images btrfs subvol=@/var/lib/libvirt/images 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/machines btrfs subvol=@/var/lib/machines 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/mailman btrfs subvol=@/var/lib/mailman 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/mariadb btrfs subvol=@/var/lib/mariadb 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/mysql btrfs subvol=@/var/lib/mysql 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/named btrfs subvol=@/var/lib/named 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/lib/pgsql btrfs subvol=@/var/lib/pgsql 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/log btrfs subvol=@/var/log 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/opt btrfs subvol=@/var/opt 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/spool btrfs subvol=@/var/spool 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /var/tmp btrfs subvol=@/var/tmp 0 0
UUID=c4d737de-6975-4e46-bc51-c38acb6db735 /.snapshots btrfs subvol=@/.snapshots 0 0
UUID=F292-513B       /boot/efi            vfat       umask=0002,utf8=true  0 0
UUID=c5dbb6d1-5552-4e86-a6f5-2c31f01a7f31 /home                xfs        defaults              1 2


As you can see, sda1 is not even present in fstab.

Thanks for your help :slight_smile:

Not exact with the string sda1, but as all devices there are defined by there UUID, it could still be that sda1 is represented. Check with

ls -l /dev/disk/by-uuid | grep sda1

Unfortunately not present: c9266b86-8eed-48e8-af23-549f4e9d56b2

Then when there is no fstab entry, the mountpoint is not defined. Where is it mounted? Maybe that gives a hint to what makes it mounting.

BTW, it is prefered that you post output of what is asked for, including the prompts and the command. Like:

henk@boven:~> ls -l /dev/disk/by-uuid | grep sda1
lrwxrwxrwx 1 root root 10 29 jan 09:27 38ccaf9f-8c5e-4533-97a8-5b5b21a42411 -> ../../sda1
henk@boven:~>

It is the only way others can see exactly what you saw. The best way to avoid personal interpretations and guesses from the poster.

True that is:

david@tw:~> ls -l /dev/disk/by-uuid | grep sda1
lrwxrwxrwx 1 root root 10 Jan 29 23:26 c9266b86-8eed-48e8-af23-549f4e9d56b2 -> ../../sda1

When I type findmnt (after I had mounted it by simply clicking on it in Dolphin) I get:

/run/media/david/c5d06243-3a48-4964-9871-0740b804cd69 [TARGET]
│ │                                   /dev/mapper/luks-c9266b86-8eed-48e8-af23-549f4e9d56b2 [SOURCE]


I would not expect a reference to “sda1” in “fstab”. Rather, I would expect a reference to “/dev/mapper” or a UUID entry.

The only “xfs” entry I see in “fstab” is for “/home”. I’m assuming that’s not it.

If it is being mounted at “/run/media/david/something”, then it is probably your desktop that is mounting it on login. If you are using auto-login, then that might look like mounted during boot. But “/run/media/david” won’t exist until you login.

You can put a “noauto” in “/etc/crypttab” if you don’t want it unencrypted during boot. That goes in the options column.

While I think that @nrickerts advice is more valuable then mine because he is a known user of encryption. I am confused here.

From your first post I read that the file system is **mounted at boot **without it being in /etc/fstab. Now we see that it is not in /etc/fstab, but you do not show that it is mounted (and where) at boot, but you login in a desktop (KDE I assume), then mount it using Dolphin. How do you now prove that it is already mounted (and where) at boot?

And yes, you show that it can be mounted through the desktop and that is what you did, but not what your complaint is.

Maybe I should have asked on your first post already: Please prove what you tell that it is mounted at boot, by

mount | grep sda1

And that before you login, from the real console (Ctrl-Alt-F1).
Of course you can not copy/paste from there, but it is only one line to write down and type in the post.

I actually only assume that it would mount on boot since it’s asking me for my password (after GRUB). Since I don’t have that during boot I just click “ok” until the boot process continues and then mount it in OpenSuse with Dolphin. Then it shows the above mentioned mount point. I also do not use auto login.

So I added noauto in /etc/crypttab which didn’t make a difference at first. However then I updated Grub and now it works (e.g. it doesn’t promp for the password on boot).

grub2-mkconfig -o /boot/grub2/grub.cfg

Can you please next time describe what you do and see and not your assumptions?

A good problem description has three things:

  • what do you do;
  • what do you expect to happen;
  • what happens instead.

Not necessary in a bullet list or in the same sequence, but all three should be there.

Try to avoid jumping to conclusions, but post the computer facts. Other may come to a complete different conclusion when seeing what you saw. It is one of the reasons to ask for help: others looking with an unbiased view to the facts. But then the facts must be in the post.

Hope this helps for future threads.

When you change “/etc/crypttab”, it’s a good idea to run “mkinitrd”. Depending on where it happens, the copy of “crypttab” in the “initrd” might be the one that matters.