This is how I got auto decrypt & mount working on Libreelec 11 on Raspberry Pi 5, without entering the password every time. All my hd use the same password and all use truecrypt hidden volume. Please advise if there is a better method:
I did all these steps with my root account.
I create a file ( /storage/myscripts/my_pwd ) and write my truecrypt password without ending newline, then I restricted access, then I restricted access ( chmod 0600 /storage/myscripts/my_pwd )
I created /etc/crypttab file:
truecryptsda1 /dev/sda1 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsda2 /dev/sda2 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsda3 /dev/sda3 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsda4 /dev/sda4 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdb1 /dev/sdb1 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdb2 /dev/sdb2 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdb3 /dev/sdb3 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdb4 /dev/sdb4 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdc1 /dev/sdc1 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdc2 /dev/sdc2 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdc3 /dev/sdc3 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdc4 /dev/sdc4 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdd1 /dev/sdd1 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdd2 /dev/sdd2 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdd3 /dev/sdd3 /storage/myscripts/my_pwd tcrypt-hidden,nofail
truecryptsdd4 /dev/sdd4 /storage/myscripts/my_pwd tcrypt-hidden,nofailthen I relaunched systemctl:
systemctl daemon-reloadin this way I got 16 new service files in /var/run/systemd/generator/ , one for each sdd. In this way every sdd. If you open [email protected] you can read these lines:
ExecStart=/usr/lib/systemd/systemd-cryptsetup attach 'truecryptsda1' '/dev/sda1' '/storage/myscripts/my_pwd' 'tcrypt-hidden,nofail'
ExecStop=/usr/lib/systemd/systemd-cryptsetup detach 'truecryptsda1'then I created a new file, /storage/.config/udev.rules.d/99-automount.rules , with only one line:
ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", KERNEL=="sd[a-z][0-9]", RUN+="/storage/myscripts/my_automount.sh %k"finally, I created /storage/myscripts/my_automount.sh
#!/bin/bash
# check if $1 starts with "sd"
if ! echo "$1" | grep -q "^sd"; then
exit 0
fi
# device name
device_path="/dev/$1"
volume="truecrypt$1"
# remove volume if already mounted
/usr/lib/systemd/systemd-cryptsetup detach "$volume"
output_decrypt=$( { /usr/lib/systemd/systemd-cryptsetup attach "$volume" "$device_path" '/storage/myscripts/my_pwd' 'tcrypt-hidden'; } 2>&1)
if [ $? -eq 0 ]; then
# mount
output_systemdmount=$( { systemd-mount /dev/mapper/$volume; } 2>&1)
if [ $? -eq 0 ]; then
exit 0
else
/usr/lib/systemd/systemd-cryptsetup detach "$volume"
fi
else
exit 1
fidone. Now my hidden truecrypt volumes are automount at boot or as soon as I connect to any USB port.
Note: default Raspberry Pi 5 boot sequence is USB, sd so if you have your os on sd don't connect your truecrypt volume to a USB 3 ports (USB 2 ports are ok). Of course you can change boot sequence (be careful, there is a bug ...) or use USB 3 port after Libreelec boots.