
Re: [solved securely now??] What is the correct way to set encrypted swap with systemd?



On 03/29/2015 07:06 AM, Sven Hartge wrote:
> ~Stack~ <i.am.stack@gmail.com> wrote:
> 
>> One more question if you don't mind: I understand why the encrypted
>> partition UUID is going to change every time, but the physical
>> partition UUID for my /dev/sda3 shouldn't change though. If they are
>> the same systemd.fsck shouldn't have a problem with the physical
>> partition UUID of /dev/sda3, but yet it does (at least for me). So
>> what is the difference between the UUID pointing to /dev/sda3 and the
>> /dev/disk/by-id pointing to /dev/sda3?
> 
> Please provide an example of such a UUID and the way you obtained it.

Greetings Sven,

So something odd has happened...

# blkid |grep sda3
/dev/sda3: PARTUUID="0003efe2-03"
/dev/mapper/sda3_crypt: UUID="f4aad427-3462-4dcf-a40d-617e90a7b1cb" TYPE="swap"

# grep sda3 /etc/crypttab
sda3_crypt /dev/disk/by-id/ata-TOSHIBA_MK3259GSXP_42K5CE0TT-part3 /dev/urandom cipher=aes-xts-plain64,size=256,swap

That "PARTUUID" is odd because it used to be a UUID...huh...really not
sure what happened...but I have a guess (below)...

But on my not-yet-updated-to-an-OS-with-systemd boxes they are either
configured for keys or use the UUID from blkid and that UUID is what is
in /etc/crypttab. In my first email this
"UUID=ef2496cd-ca4d-43aa-8c90-dba084029f6e" was taken from blkid.
Clearly that is no longer the case and would explain why UUID doesn't
work. :-)

So off I went to read about UUID vs PARTUUID. Short notes:
UUID == filesystem
PARTUUID == partition

Thus, I would want to point to the partition PARTUUID because (as you
pointed out to me earlier) the swap filesystem is going to change every
time due to urandom and thus the UUID should be changing on every
boot...blkid is probably seeing that this is an ever-changing swap
partition and just returning the PARTUUID for me.

But putting that PARTUUID in my /etc/crypttab didn't work and I ended up
with the systemd.fsck timing out and not mounting swap. Hrm.

Well, I guess the disk-by-id works so I will just use that for now.

Thanks again! I have learned a ton about crypttab, swap, UUID/PARTUUID,
and the boot process. :-)

~Stack~

Attachment: signature.asc
Description: OpenPGP digital signature
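
An added example, not part of the original message and not systemd or cryptsetup code: a small crypttab check for the situation discussed above, where a UUID= source is read from a signature stored inside the partition and a plain dm-crypt swap with a random key overwrites that area with ciphertext. The function names and the swap_a, home_crypt and swap_b entries are constructed for illustration; the check only classifies what each source specifier is derived from.

```python
import re

# Constructed sample crypttab. The swap_a UUID and the sda3_crypt line are the
# values quoted in the message; home_crypt and swap_b are made up.
SAMPLE_CRYPTTAB = """\
swap_a      UUID=ef2496cd-ca4d-43aa-8c90-dba084029f6e  /dev/urandom  cipher=aes-xts-plain64,size=256,swap
sda3_crypt  /dev/disk/by-id/ata-TOSHIBA_MK3259GSXP_42K5CE0TT-part3  /dev/urandom  cipher=aes-xts-plain64,size=256,swap
home_crypt  UUID=11111111-2222-3333-4444-555555555555  none  luks
swap_b      /dev/sda3  /dev/random  swap
"""

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
CONTENT = ("UUID=", "LABEL=", "/dev/disk/by-uuid/", "/dev/disk/by-label/")
PARTITION = ("PARTUUID=", "PARTLABEL=", "/dev/disk/by-id/",
             "/dev/disk/by-partuuid/", "/dev/disk/by-partlabel/")


def classify_source(source):
    """Say what a crypttab source specifier is derived from.
    Whether a given crypttab implementation accepts the form is not checked."""
    if source.startswith(CONTENT):
        return "content"        # signature stored inside the partition
    if source.startswith(PARTITION):
        return "partition"      # partition table entry or drive serial
    if re.match(r"/dev/(sd|hd|vd|xvd|nvme|mmcblk)", source):
        return "kernel-name"    # depends on device enumeration order
    return "other"


def lint_crypttab(text):
    """Return (name, severity, message) for risky random-key swap entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue            # no options field, so not a swap entry
        name, source, key, opts = fields[0], fields[1], fields[2], fields[3].split(",")
        if key not in RANDOM_KEYS or "swap" not in opts:
            continue
        kind = classify_source(source)
        if kind == "content":
            findings.append((name, "error", "source is read from data that the random-key swap overwrites"))
        elif kind == "kernel-name":
            findings.append((name, "warn", "if device order changes, another partition gets reformatted as swap"))
    return findings
```

On the sample it reports swap_a as an error and swap_b as a warning; the by-id entry from the message and the key-less home_crypt entry produce no finding.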