Automount 2nd encrypted drive

Hey, my 2nd NVMe SSD is encrypted with a different password to my main one with Fedora on it. I am wondering if there is a way to get it to auto mount when I log in. Thanks :slight_smile:

I would like to know it as well. Are you using Atomic OS?

No, it’s standard Fedora KDE, not atomic.

Oh, so you could try to install the GNOME app called Disks and, on a selected disk, click the cogs, then Edit Encryption Options…, and mark Unlock at system startup. Maybe it will work. : )

There is also a KDE native option:

Automount in KDE Settings

  1. System Settings

  2. Hardware ➔ Removable Storage ➔ Removable Devices.

  3. In the Device Automounting list, locate your second NVMe SSD. Check both boxes for Automount on Login and Automount on Attach.

  4. Make sure the top global setting “Automatically mount all removable media at login” is also checked.

  5. Click Apply.

Save password in KWallet:

  1. Open Dolphin (KDE File Manager).

  2. On the left sidebar under Devices, click on your encrypted 2nd NVMe drive.

  3. A prompt will pop up asking for the drive’s encryption password.

  4. Enter your password, and make sure to check the box that says Remember password. It will be saved in KWallet.

Unable to find any of that

Type “removal” in the search field.

Found that, but there is nothing in there.

If you would like to try the GNOME Disks app, you can install it:

sudo dnf install gnome-disk-utility

You could go the command line way as well:

  • create a key-file for the 2nd encrypted drive
  • place the key file somewhere under /etc (e.g. /etc/cryptsetup-keys.d/) (assuming that /etc is within the main encrypted drive)
  • add the 2nd encrypted device in /etc/crypttab, referencing the generated key-file
  • add the LUKS device to /etc/fstab, making sure to use the nofail flag.

This method would decrypt and mount the device for all users of the system.
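
The key-file steps listed above, written out as a script; this is an added example and not part of the original thread. The device, mapping name, mount point and filesystem are arguments the caller supplies (the /dev/sdX1 in the comment is a placeholder), and the luks,nofail crypttab options and the 0400 key-file mode are this example's choices.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Device, mapping name, mount point and
# filesystem passed to setup_second_drive are the caller's own values.

# Create a 64-byte random key file that only its owner (root) can read.
make_keyfile() {
    local keyfile="$1"
    ( umask 077
      mkdir -p "$(dirname "$keyfile")"
      head -c 64 /dev/urandom > "$keyfile" ) || return 1
    chmod 0400 "$keyfile"
}

# Refuse a key file that group or others can access.
check_keyfile() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) echo "insecure mode $mode on $1" >&2; return 1 ;;
    esac
}

# /etc/crypttab fields: mapping name, source device, key file, options.
crypttab_line() {
    printf '%s UUID=%s %s luks,nofail\n' "$1" "$2" "$3"
}

# /etc/fstab entry; nofail lets boot continue if the volume cannot be unlocked.
fstab_line() {
    printf '/dev/mapper/%s %s %s defaults,nofail 0 0\n' "$1" "$2" "$3"
}

# The whole procedure; run as root, e.g. (placeholder device):
#   setup_second_drive /dev/sdX1 luks-second /mnt/second btrfs
setup_second_drive() {
    local dev="$1" name="$2" mnt="$3" fstype="$4" keyfile uuid
    keyfile="/etc/cryptsetup-keys.d/$name.key"
    make_keyfile "$keyfile" && check_keyfile "$keyfile" || return 1
    # Adds the key file to a free key slot; prompts for an existing passphrase.
    cryptsetup luksAddKey "$dev" "$keyfile" || return 1
    uuid=$(cryptsetup luksUUID "$dev") || return 1
    crypttab_line "$name" "$uuid" "$keyfile" >> /etc/crypttab
    fstab_line "$name" "$mnt" "$fstype" >> /etc/fstab
    mkdir -p "$mnt"
    systemctl daemon-reload
}
```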

I have two SSDs in my computer. The boot drive is an NVMe that holds “root” and all the other stuff needed for the Fedora installation, and the second one is a SATA SSD that holds only my /home folder. The NVMe is not encrypted, the /home drive is.

I followed the instructions here ( Install Fedora with disk-encryption and rollback support ) to set it up so it auto-decrypts my /home drive when I log in. It requires Secure Boot, though, because it uses the TPM to store the password. So if you don’t have Secure Boot enabled, this won’t work for you.

To get to the specific part I’m talking about, click on that link and scroll down to section 5. “Bypass the Additional Passphrase Prompt.” Obviously, use common sense here – he’s talking about encrypting the root drive, so (for example) in the “Get the UUID of your LUKS device” part, change the / to /path/to/your/encrypted/drive. Make sure you understand all the instructions before proceeding, of course. YMMV. Best of luck.

Ok, I got it done. @tqcharm and @laurence5905 both helped for some of it. In the end this is the process I needed to follow. It is all working perfectly now.

Identified LUKS device and UUID using:

lsblk -f

blkid /dev/nvme0n1p1


Original container was LUKS1; TPM2 enrollment requires LUKS2 support in systemd-cryptenroll, so the container was recreated as LUKS2 (this step is destructive and requires reinitializing the filesystem):

cryptsetup luksFormat --type luks2 /dev/nvme0n1p1


Opened encrypted device:

cryptsetup open /dev/nvme0n1p1 luks-second


Created filesystem on the decrypted mapping:

mkfs.btrfs /dev/mapper/luks-second


Created mount point and mounted:

mkdir -p /mnt/second

mount /dev/mapper/luks-second /mnt/second


Enrolled TPM2 key slot for automatic unlocking at boot:

systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=/dev/tpmrm0 /dev/nvme0n1p1


Added /etc/crypttab entry (handles unlocking at boot via TPM2):

luks-second UUID=3289adf7-e9b4-4435-bab0-af371940a957 none tpm2-device=/dev/tpmrm0


Added /etc/fstab entry (mounts decrypted volume after unlock):

/dev/mapper/luks-second /mnt/second btrfs defaults 0 0


Reloaded systemd and regenerated initramfs:

systemctl daemon-reload

dracut -f


Tested:

mount -a

reboot