Automounting LUKS encrypted external usb when device inserted without error or hanging on boot if not present
1
vote
2
answers
2221
views
## Scenario
Have an external device, encrypted with LUKS, automatically mount when inserted and not cause any issues if not present on boot.
> Most questions on this topic refer to mounting on boot - this is NOT what I am trying to do
Additionally, the mountpoint should be protected from accidental writes when the usb device is not present and I can do this with
chattr +i
## Problem
1. When the external device is NOT mounted, any attempt to access the mountpoint will hang until timeout - this can cause system instability.
1. When the device is inserted, the passphrase is prompted for and device unlocked, but not mounted. I then have to mount the device manually with mount /mnt/backup or mount /dev/mapper/fit which appears to correctly use the fstab settings.
## Configuration
# /etc/crypttab
fit UUID=xxxxxxxx-xxxxx-xxxxxxxx-xxxxxxxxxx none luks,noauto# /etc/fstab
/dev/mapper/fit /mnt/backup ext4 noatime,user,noauto,x-systemd.automount,x-systemd.device-timeout=5ms,x-systemd.mount-timeout=100ms 0 0# Accessing the mountpoint when the drive is NOT plugged in
andy@pop-os:mnt$ ll
ls: cannot access 'backup': No such device
total 0
d????????? ? ? ? ? ? backup/
andy@pop-os:mnt$ mountpoint /mnt/backup
/mnt/backup is a mountpoint# journalctl
Jan 21 16:33:34 pop-os systemd: mnt-backup.automount: Got automount request for /mnt/backup, triggered by 5192 (ls)
Jan 21 16:33:34 pop-os systemd: dev-mapper-fit.device: Job dev-mapper-fit.device/start timed out.
Jan 21 16:33:34 pop-os systemd: Timed out waiting for device /dev/mapper/fit.
Jan 21 16:33:34 pop-os systemd: Dependency failed for /mnt/backup.
Jan 21 16:33:34 pop-os systemd: mnt-backup.mount: Job mnt-backup.mount/start failed with result 'dependency'.
Jan 21 16:33:34 pop-os systemd: dev-mapper-fit.device: Job dev-mapper-fit.device/start failed with result 'timeout'.# Absolute path is required if not using sudo (user was set in fstab)
andy@pop-os:mnt$ umount /mnt/backup
andy@pop-os:mnt$ sudo cryptsetup close fit
andy@pop-os:mnt$ sudo eject /dev/sdxandy@pop-os:mnt$ sudo umount backup
andy@pop-os:mnt$ ll
total 4.0K
drwxr-xr-x 2 root root 4.0K Jan 19 10:16 backup/
andy@pop-os:mnt$ lsattr
----i---------e------- ./backup
andy@pop-os:~$ mountpoint /mnt/backup
/mnt/backup is not a mountpointnoauto and don't include x-systemd.automount then I avoid the problem of the directory being a mountpoint on boot when no device is present, but I also don't get automounting - although the device still unlocks.
## Mounting the external device
Passphrase is prompted for and device unlocked
andy@pop-os:mnt$ lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sdb crypto_LUKS 2 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
└─fit ext4 1.0 yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy
andy@pop-os:mnt$ ll backup/
ls: cannot access 'backup/': No such device# journalctl -f
Jan 21 17:17:26 pop-os kernel: usb 6-2: new SuperSpeed USB device number 2 using xhci_hcd
Jan 21 17:17:26 pop-os kernel: usb 6-2: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00
Jan 21 17:17:26 pop-os kernel: usb 6-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jan 21 17:17:26 pop-os kernel: usb 6-2: Product: Flash Drive FIT
Jan 21 17:17:26 pop-os kernel: usb 6-2: Manufacturer: Samsung
Jan 21 17:17:26 pop-os kernel: usb 6-2: SerialNumber: 0123456789123
Jan 21 17:17:26 pop-os kernel: usb-storage 6-2:1.0: USB Mass Storage device detected
Jan 21 17:17:26 pop-os kernel: scsi host7: usb-storage 6-2:1.0
Jan 21 17:17:26 pop-os mtp-probe: checking bus 6, device 2: "/sys/devices/pci0000:00/0000:00:08.1/0000:0b:00.4/usb6/6-2"
Jan 21 17:17:26 pop-os mtp-probe: bus: 6, device: 2 was not an MTP device
Jan 21 17:17:26 pop-os mtp-probe: checking bus 6, device 2: "/sys/devices/pci0000:00/0000:00:08.1/0000:0b:00.4/usb6/6-2"
Jan 21 17:17:26 pop-os mtp-probe: bus: 6, device: 2 was not an MTP device
Jan 21 17:17:29 pop-os kernel: scsi 7:0:0:0: Direct-Access Samsung Flash Drive FIT 1100 PQ: 0 ANSI: 6
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: Attached scsi generic sg1 type 0
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: [sdb] 501253132 512-byte logical blocks: (257 GB/239 GiB)
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: [sdb] Write Protect is off
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: [sdb] Mode Sense: 43 00 00 00
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesnt support DPO or FUA
Jan 21 17:17:29 pop-os kernel: sdb: sdb1
Jan 21 17:17:29 pop-os kernel: sd 7:0:0:0: [sdb] Attached SCSI removable disk
Jan 21 17:17:41 pop-os systemd: Starting Cryptography Setup for fit...
Jan 21 17:17:41 pop-os systemd-cryptsetup: Volume fit already active.
Jan 21 17:17:41 pop-os systemd: Finished Cryptography Setup for fit.
Jan 21 17:17:41 pop-os systemd: Reached target Block Device Preparation for /dev/mapper/fit.
Jan 21 17:17:41 pop-os gnome-shell: Unable to mount volume 257 GB Encrypted: Gio.IOErrorEnum: Operation was cancelled
Jan 21 17:17:41 pop-os udisksd: Unlocked device /dev/sdb1 as /dev/dm-4andy@pop-os:mnt$ mount /mnt/backup
mount: /mnt/backup: /dev/mapper/fit already mounted on /mnt/backup.x-systemd.device-timeout](https://www.freedesktop.org/software/systemd/man/systemd.mount.html#x-systemd.automount) to something much less than the default 90s then my system will slowly become unresponsive and then crash. I thought systemd might be timing out waiting for me to type in my passphrase but longer timeouts didn't seem to help
- I copied the configuration from an old Ubuntu 22.04 system to Pop!_OS 22.04, I would sometimes see the question marks while listing the directory in the unmounted state but the auto-mount worked perfectly. On the old system I didn't set the immutable attribute on the mountpoint.
## Related
- [mount-error-when-automounting-a-luks-encrypted-usb-flashdrive](https://unix.stackexchange.com/questions/281349/mount-error-when-automounting-a-luks-encrypted-usb-flashdrive) - different errors and method of mounting
- [Automounting USB sticks on Debian](https://unix.stackexchange.com/a/346830/458741) - uses a slightly different method with nofail instead of noauto but unfortunately doesn't answer my question
- I can get more information with systemctl show mnt-backup.mount but this hasn't helped me
- The man page for [fstab](https://wiki.archlinux.org/title/fstab) says what to do for external devices but these settings don't auto mount the device and do cause the boot process to hang
---
So, why does accessing the mountpoint try to access the device after it has been unmounted resulting in ?????????, and why does it not automount correctly when the device is inserted? Between the old fstab and new systemd I can't seem to find the magic variables.
Would also be useful to know why the system crashes if I don't set the device timeout?
---
### Update August 2023
[mount-vs-automount-systemd-units...](https://unix.stackexchange.com/questions/570958/mount-vs-automount-systemd-units-which-one-to-use-for-what) explains the ????? as the .automount unit attempts to open the mountpoint on access.
I have still been unable to achieve the behaviour I want though, and wonder if it because without configuring anything udev is used and then the only problem is being able to customise the directory used as a mountpoint. As soon as an fstab entry is made, /run/systemd/generator systemd units are made and the behaviour changes.
There also seems to be a problem on my new system with plymouth as this spits out errors while systemd uses 100% CPU and hangs the system. This doesn't happen on my old laptop.
Asked by a2k42
(131 rep)
Jan 22, 2023, 12:21 AM
Last activity: Jun 10, 2025, 01:06 PM
Last activity: Jun 10, 2025, 01:06 PM