Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Encryption mapper for external USB HD
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
larophel
n00b
n00b


Joined: 19 Mar 2005
Posts: 54

PostPosted: Mon Jan 10, 2011 6:01 am    Post subject: Encryption mapper for external USB HD Reply with quote

Hi,

I am currently trying to encrypt my external USB HD using this tutorial: http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS
Everything works fine, until I unplug the HD and then plug it in again.
At that point, udev changes the name of the device (e.g. from /dev/sdb3 to /dev/sdc3).
This means, that my mapping in /dev/mapper is not valid anymore and I cannot mount my hard disk unless I remove the mapping and create a new one.
Of course, this is rather cumbersome.
I tried to use a symbolic link during the "luksOpen" step, e.g.:

cryptsetup --key-file /root/canvio.key luksOpen /dev/disk/by-uuid/6d71b948-1230-4a68-a865-f57c5c85af37 canvio

but the result was the same.

I also tried to create an udev rule to always name my hard disk the same:

BUS=="usb", SYSFS{serial}=="2010030517B8", KERNEL=="sd?3", NAME="sdb3"

but udev just ignores it:

Jan 10 00:09:58 [udevd-work] kernel-provided name 'sdc3' and NAME= 'sdb3' disagree, please use SYMLINK+= or change the kernel to provide the proper name_

I would appreciate any help in getting this solved.

Thanks,
Back to top
View user's profile Send private message
Veldrin
Veteran
Veteran


Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

PostPosted: Mon Jan 10, 2011 7:26 am    Post subject: Reply with quote

before unplugging your hdd, do you close it properly (i.e luksClose)

if you want to symlink your device, you have to use a non-standard name, otherwise you will have some overlap, and that is why udev complains.
use something like NAME=usb or similar.
But this does not help, if the hdd get unmounted uncleanly, because then udev will create a new dev node, and you will run into the same issue as before.

V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.
Back to top
View user's profile Send private message
larophel
n00b
n00b


Joined: 19 Mar 2005
Posts: 54

PostPosted: Mon Jan 10, 2011 4:27 pm    Post subject: Reply with quote

Actually, I was not using luksClose so this was part of the problem.

Unfortunately, you cannot use "NAME=xxx" because udev doesn't allow it.
However, I have now resorted to SYMLINK="sdb3"
It is not perfect because another removable device could take up that device name but it works for now.

Thanks for your input!
Back to top
View user's profile Send private message
Veldrin
Veteran
Veteran


Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

PostPosted: Thu Jan 13, 2011 8:41 pm    Post subject: Reply with quote

shoot - my mistake

you haveto use SYMLINK, and you may just give it a name.
On an older installation, I used SYMLINK=usbhd to be able to use my fstab entries. simply put, replace your /dev/sdb3 with /dev/usbhd inside your fstab. recheck the naming convention - I am not quite up to speed with udev naming.
I strongly discourage the use of SYMLINK=sdb3, as it may already be taken.

cheers
V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.
Back to top
View user's profile Send private message
larophel
n00b
n00b


Joined: 19 Mar 2005
Posts: 54

PostPosted: Thu Jan 13, 2011 11:16 pm    Post subject: Reply with quote

Ah, I understand what you mean now.
Now, I have a new problem: I added the following line to my fstab:

Code:

/dev/canvio     /mnt/canvio     crypt   noatime,user,noauto,keyfile=/home/larohel/.canvio.key,fsk_cipher=none            0 0


But when I execute "mount /mnt/canvio" as an user, I get this error: "crypt_init: Block device required".
If I execute this command as root, it works:

mount.crypt_LUKS -o keyfile=/home/manuel/.canvio.key -o fsk_cipher=none /dev/canvio /mnt/canvio

Any idea how this could be solved?

Thanks again,
Back to top
View user's profile Send private message
robinmarlow
Apprentice
Apprentice


Joined: 10 Mar 2004
Posts: 167

PostPosted: Mon Dec 09, 2013 10:00 am    Post subject: Reply with quote

Hi,

Did you manage to figure out how to get this to work?
I'm having similar problems now.

Thanks,

Robin
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum