[dm-crypt] Cryptsetup FAQ monthly pointer 8/13
arno at wagner.name
Sat Aug 3 19:57:33 CEST 2013
On Sat, Aug 03, 2013 at 04:47:12PM +0200, Milan Broz wrote:
> On 08/03/2013 04:10 PM, Dragan Milivojević wrote:
> >> Another option for reliably identifying the swap partition is to use
> >> /dev/disk/by-id/<identifier> to identify the drive by model and serial
> >> number. For example, my own swap partition is
> >> /dev/disk/by-id/scsi-SATA_ST95005620AS_5YX1NEGE-part5
> >> That should be safe unless I re-purpose that drive and forget to update
> >> /etc/crypttab.
> > I would suggest using UUID. It works in all cases (partition, raid,
> > lvm member etc).
> > My crypttab (encrypted swap/home):
> > luks-4dc17e23-e895-4e4b-8061-114fb33c310b UUID=4dc17e23-e895-4e4b-8061-114fb33c310b none
> > luks-46969c48-ab1f-4bd7-bc2a-ae7c1bc86b26 UUID=46969c48-ab1f-4bd7-bc2a-ae7c1bc86b26 none
> > This was generated by fedora install.
> Sure, this is the best way if you use LUKS and Fedora installer
> is using LUKS even for swap.
Which is not a general solution as that means
a) Suddenly all your secret stuff in swap survives reboots
b) Swap needs a passphrase to be unlocked!
In the general case you want neither of these to happen.
> For plain crypt (or Truecrypt) you have no UUID, so you cannot use it.
> (You can use uuid/wwid of underlying device as mentioned above
> but this is not always present.)
Indeed. I tried both when I wrote the entry, only to find that
neither worked on my system (Debian with custom kernel).
As this is not a distribution-specific FAQ (there are those),
distribution-specific stuff should not go into it. Of course
documentation for a specific distribution can contain specific
advice that is not general, and some people have already asked
me about such things, also with regard to encrypted swap.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
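
Added example, not part of the thread or of the Cryptsetup FAQ: a POSIX shell check that sorts crypttab entries by the two points argued above, how the source device is identified and whether the key is random per boot or a passphrase. The entry names `swap_a`/`swap_b`, the function names and the verdict wording are assumptions, and random-key entries are assumed to be plain dm-crypt mappings.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies crypttab entries by how the
# source device is named and where the key comes from.

# Constructed sample: entry names swap_a/swap_b are hypothetical; the by-id
# path and the UUID are the ones quoted in the thread.
sample_crypttab() {
cat <<'EOF'
# name  source  keyfile  options
swap_a  /dev/sda5  /dev/urandom  swap
swap_b  /dev/disk/by-id/scsi-SATA_ST95005620AS_5YX1NEGE-part5  /dev/urandom  swap
luks-4dc17e23-e895-4e4b-8061-114fb33c310b UUID=4dc17e23-e895-4e4b-8061-114fb33c310b none
EOF
}

# Reads crypttab text on stdin, prints "name: verdict" for each entry.
classify_crypttab() {
  while read -r name src key _rest; do
    case "$name" in ''|'#'*) continue ;; esac        # skip blanks and comments
    case "$src" in
      UUID=*|/dev/disk/by-uuid/*)            ident=uuid ;;
      /dev/disk/by-id/*)                     ident=by-id ;;
      /dev/sd*|/dev/hd*|/dev/vd*|/dev/nvme*) ident=kernel-name ;;
      *)                                     ident=other ;;
    esac
    case "$key" in
      /dev/urandom|/dev/random) keytype=random ;;     # new key on every boot
      none|-|'')                keytype=passphrase ;; # prompt at unlock
      *)                        keytype=keyfile ;;
    esac
    # Assumption: a random-key entry is a plain mapping, so it carries no UUID.
    case "$keytype/$ident" in
      random/kernel-name) verdict="WARN kernel device name is not stable across boots" ;;
      random/by-id)       verdict="OK pinned to drive model and serial" ;;
      random/uuid)        verdict="WARN a plain mapping has no UUID to match" ;;
      passphrase/*)       verdict="NOTE contents survive reboot, passphrase needed to unlock" ;;
      *)                  verdict="CHECK identify the device by hand" ;;
    esac
    echo "$name: $verdict"
  done
}

# Runs the classifier over the constructed sample.
demo() { sample_crypttab | classify_crypttab; }
demo
```

To check a real system, feed the file to the function: `classify_crypttab < /etc/crypttab`.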