[dm-crypt] identifying vanilla GPT partitions for encryption

Boylan, Ross Ross.Boylan at ucsf.edu
Thu Oct 2 21:05:27 CEST 2014


[Note this does not concern coming up with a unique code to identify encrypted partition as a type, the subject of a January thread.]

In brief, can GPT partition UUIDs be used to identify partitions that will be the base for encrypted swap (i.e., no LUKS)?

Background:

My crypttab included
# sda2 appears to lack a UUID
sda2_crypt /dev/sda2 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap
sdb2_crypt UUID=d0b3bdf0-8711-4780-a31f-2f296c1fea00 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

I added and moved around disks and this led to the wrong sda2 being used (a possibility mentioned in the FAQ).
The UUID given for sdb2 does not exist, so that device was not created.

The disks are GPT format, and each GPT partition has a UUID (http://en.wikipedia.org/wiki/GUID_Partition_Table#Features).  Is it possible to use that?

Since the partitions are swap they do not have a LUKS header to identify them.  The FAQ suggests some work-arounds, but they are a bit awkward and seem likely to have some performance penalty.  Also, my md device numbers have not been stable through my recent work, which involved alternating between old and new version of mdadm and creating new md devices.

blkid does not report a UUID for the raw partitions, and parted does not print one out either.  So I'm a bit baffled how to find it, and also have doubts that dm-crypt (or whatever handles crypttab) would be able to use the ids even if I found them.

Thanks.
Ross Boylan


More information about the dm-crypt mailing list