This is delightfully easy, and should work on any Debian-derived distribution, such as the fabulously popular *buntu family. You'll need a line in /etc/fstab for the encrypted partition; make sure to change noauto to auto, and make sure to specify users and not user, to allow non-root users to mount and unmount the encrypted partition.

Then add a line to the /etc/crypttab file with your cryptsetup device name, the /dev name, the path to the keyfile (we don't have one) and specify that we want LUKS extensions:

sda2    /dev/sda2  none luks

Now run the startup script to test it:

# /etc/init.d/cryptdisks start 

 * Starting remaining crypto disks...
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

Hurrah! Now reboot to see if it works. You'll be prompted for your LUKS password early in the boot process. It times out after 180 seconds; this is controlled in /etc/default/cryptdisks.

Now you can stop and start it with the usual /etc/init.d/cryptdisks {start|stop|restart|reload|force-reload} commands.

Next: Giving Users Limited Rootly Powers, Other Boot Methods »