[dm-crypt] UUID question

Arno Wagner arno at wagner.name
Tue Dec 18 09:55:12 CET 2012


On Tue, Dec 18, 2012 at 09:21:48AM +0100, Milan Broz wrote:
> On 12/18/2012 01:36 AM, Arno Wagner wrote:
> > On Mon, Dec 17, 2012 at 04:10:50PM -0800, David Li wrote:
> >> Hi, I wonder if the dm-crypt partition UUID (shown in blkid -p <dev>) can
> >> be used to uniquely associate it with the set of keys the partition will
> >> need. Are there any cases that the UUID would change during the partition's
> >> lifetime?
> > 
> > The UUID is actually a filesystem attribute, not a partition 
> > attribute. That said, for purpose of an UUID, LUKS is regarded as a 
> > filesystem, which is IMO the correct way to view it, but not a 
> > perfect one. So, yes, the UUID will change if you do a luksFormat 
> > (aptly named if LUKS is regarded as a filesystem), but it will not 
> > change otherwise. As a luksFormat invalidates all keys, that should 
> > do for your purpose. 
> 
> Well, it is more complicated. blkid recognizes UUID from metadata
> on disk. There are several groups of metadata and there are priorities
> (raid devices have priority to filesystem for example).

Interesting. I admit I only checked where LUKS and ext2/3/4 keep 
the UUID and whether DOS partitions have them. Is there some 
documentation on these priorities, or is the source of blkid 
authorative?

> UUID is generic attribute, even MD devices, LVM PVs etc have UUID.
> 
> LUKS is basically handled like MD (raid) device.

Makes sense.

Arno




> Anyway, question was if UUID can change during lifetime - no.
> (reformat is not part of lifetime, you will lose data)
> To be precise, you can change UUID but it must be explicit user action
> (see man cryptsetup).
> 
> And it is preferred way to reference LUKS device by its UUID (if the
> physical disk is moved likde sdb->sdc, it still works).
> 
> An example:
> 
> # blkid /dev/sdb
> /dev/sdb: UUID="bb0c71ca-24c0-4a73-b7ff-ebdbcf152040" TYPE="crypto_LUKS"
> 
> # blkid -U bb0c71ca-24c0-4a73-b7ff-ebdbcf152040
> /dev/sdb
> 
> 
> And cryptsetup itself (in recent versions) recognizes UUID as device parameter:
> 
> #cryptsetup luksOpen UUID=bb0c71ca-24c0-4a73-b7ff-ebdbcf152040 test
> Enter passphrase for /dev/disk/by-uuid/bb0c71ca-24c0-4a73-b7ff-ebdbcf152040: 
> 
> And you should be able to use UUID in /etc/crypttab as well.
> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell


More information about the dm-crypt mailing list