[dm-crypt] Detached headers, multiple drives and UUIDs

Milan Broz gmazyland at gmail.com
Mon Apr 10 15:25:31 CEST 2017


On 04/10/2017 03:07 PM, 7heo wrote:
> Hello all,
> 
> I have a question regarding the deported headers in LUKS, and how it
> can be used to simplify the setup of RAID over LUKS:
> 
> The current way to automatically unlock all the drives used in a Raid
> array seems to be to add the same key to all the drives in the
> array.
> 
> However that doesn't work with detached headers for obvious reasons.
> The detached headers can apparently be used on any number of
> devices/files at the same time, with one problem: they all have the
> same UUID. I tried using the --uuid flag with luksOpen without
> success.

You cannot change UUID for activated LUKS device, UUID must match the header
(otherwise libcryptsetup cannot handle many functions).

But you can simply duplicate detached header and then change UUID
inside that duplicated header (use luksUUID --uuid to do that).
(IOW every device will have own header that differs only in UUID.)

(In future there will be much simpler way to do that using kernel keyring
but that will be part of LUKS2.)

Milan


More information about the dm-crypt mailing list