Mon problème est RÉSOLU :
@benjarobin tu m'as mis la puce à l'oreille concernant l'utilisation de /dev/mapper dans le crypttab. Effectivement après coup c'est logique car avec de pouvoir accéder à LVM il faut accéder à la partition chiffrée, et donc indiquer son nom dans crypttab, ici "cryptdat", avec son UUID. Merci
Ce qui suit dans le fstab est assez simple en fonctionne du coup car la partition est bien déverrouillée avec le crypttab.
SOLUTION >> Pour résumer, avec le contenus des fichiers concernés :
1. En sortie de lsblk -f (avec les disques montés et déverrouillés) :
Code : Tout sélectionner
[mansi ~]# lsblk -f
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ntfs Réservé au système 0AFE92B1FE929493
├─sda2 ntfs 86C899A6C89994D1
├─sda3 ext2 BOOT-MSI 24d93409-874b-4003-b26b-5ef872a58921 /boot
└─sda4 crypto_LUKS d8d291c0-03b4-4710-bdf7-80c1a797cea8
└─vgsys LVM2_member 8I0R9R-bLLR-2mTR-nfYy-yByk-tvCk-mLdae1
├─vgsys-lvswap swap SWAPLVM-MSI 58ae7159-e378-4c9b-906c-5ed2d9065fe6 [SWAP]
├─vgsys-lvroot ext4 ROOTLVM-MSI b989c671-1d74-470e-ba8e-285aa6e035ac /
└─vgsys-lvhome ext4 HOMELVM-MSI 1151ea58-6af8-47cc-9308-9d849326969e /home
sdb
└─sdb1 crypto_LUKS bf58ee54-0e7a-483b-a9ce-02e9611120e3
└─cryptdat LVM2_member mVKuTq-vUnj-KT3F-gDUa-kyQQ-te4j-XPg7st
└─vgdat-lvadata ext4 517e7bb9-e483-484a-9e6e-8977f36fe740 /adata
Code : Tout sélectionner
# crypttab: mappings for encrypted partitions
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# The Arch specific syntax has been deprecated, see crypttab(5) for the
# new supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf).
# <name> <device> <password> <options>
# home UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37 /etc/mypassword1
# data1 /dev/sda3 /etc/mypassword2
# data2 /dev/sda5 /etc/cryptfs.key
# swap /dev/sdx4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
# vol /dev/sdb7 none
cryptdat UUID=bf58ee54-0e7a-483b-a9ce-02e9611120e3 /crypto_keyfile.bin luks
Code : Tout sélectionner
# crypttab: mappings for encrypted partitions
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# The Arch specific syntax has been deprecated, see crypttab(5) for the
# new supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf).
# <name> <device> <password> <options>
# home UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37 /etc/mypassword1
# data1 /dev/sda3 /etc/mypassword2
# data2 /dev/sda5 /etc/cryptfs.key
# swap /dev/sdx4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
# vol /dev/sdb7 none
cryptdat UUID=bf58ee54-0e7a-483b-a9ce-02e9611120e3 /crypto_keyfile.bin luks
Code : Tout sélectionner
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES=""
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES="/crypto_keyfile.bin"
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS="base udev autodetect block filesystems"
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS="base udev block filesystems"
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS="base udev block mdadm encrypt filesystems"
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev block lvm2 filesystems"
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems pcmcia resume fsck"
# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""
Ici le dévéroulliage de la partition chiffrée se fait via un keyfile intégré dans l'initramfs (procédure de mise en place plutôt bien expliquée ici : "Wiki (EN) dm-crypt/Device encryption | With a keyfile embedded in the initramfs" https://wiki.archlinux.org/index.php/Dm ... _initramfs)