April 24, 2015

Lab 10.2 Solution

I had problems getting the solution for Lab 10.2 to work on Ubuntu 14.04 (discussed below). I found a solution that works (http://askubuntu.com/questions/463661/encrypted-swap-partition-for-14-04).

However, somewhat annoyingly the volume /dev/sda6/ disapears from the output of sudo blkid after rebooting. Consequently, I have not been able to use a UUID to make identifying the physical device at boot more robust than /dev/sda6. This seems to be contrary to the manpage which says "...Instead of giving the source device explicitly, the UUID is supported as well, using UUID=..." (See Diagnostic Information A).

Incompatible cryptsetup command and /etc/crypttab entry in Lab 10.2 Solution?:
The cryptsetup command seems incomptible with the /etc/crypttab entry because cryptsetup prompts for a passphrase. Whereas the /etc/crypttab entry uses /dev/urandom for its key file (See Diagnostic information B). If you compare the cryptsetup commands from 'Lab 10.2 Solution:'

$ sudo cryptsetup luksFormat /dev/sda11 # may use --ciper aes option
$ sudo cryptsetup luksOpen /dev/sda11 swapcrypt

and

:~$ sudo cryptsetup -d /dev/urandom create cryptswap /dev/sda6
:~$ sudo mkswap -f /dev/mapper/cryptswap -v1
(from: (http://askubuntu.com/questions/463661/encrypted-swap-partition-for-14-04))

I would suggest this is why the encrypted swap partition was not ready after reboot in the Lab 10.2 Solution.

So to summarise my questions are:
1. If the /dev/sda6 disapears from sudo blkid output after reboot how may I identify and mount the device with a more robust method such as UUID=?
2. If you are going to use the /dev/urandom method of encryption is it necessary to specify it both within the cryptsetup command and the /etc/crypttab command?

As usual I expect I have misunderstood some aspect/s so I thank you in advance for making the effort to set me straight.

Diagnostic information A:
:~$ sudo blkid # before reboot
[sudo] password for thebiz:
/dev/sda1: LABEL="Win7" UUID="FAEEAD46EEACFBCF" TYPE="ntfs"
/dev/sda2: UUID="123EABF73EABD251" TYPE="ntfs"
/dev/sda4: LABEL="LENOVO_PART" UUID="32588AD8588A9A6D" TYPE="ntfs"
/dev/sda5: LABEL="Ubuntu" UUID="0288dc9a-30c5-4a83-ace9-c8c93318a798" TYPE="ext4"
/dev/sda6: UUID="ad5d344a-f00a-4bbe-92ba-2f9d1e393799" TYPE="swap"
/dev/sda7: LABEL="CentOS" UUID="722a724d-9bdb-4e6b-b7c0-4e7a22e24380" TYPE="ext4"
/dev/sda8: UUID="8528880f-a0d6-4e5a-8f59-a445f72d8863" TYPE="swap"
/dev/sda9: LABEL="OpenSUSE" UUID="7cf9c051-88ce-4d17-905c-d39d2c58c415" UUID_SUB="3d3fdd6b-5511-41fe-ac5e-fbb6f4a2d7b1" TYPE="btrfs"
/dev/sda10: UUID="cad1d000-7ecd-453d-bb3e-c28790d85bee" TYPE="swap"
/dev/sda11: UUID="6d721972-8566-409e-b796-c1429d7670b0" TYPE="crypto_LUKS"
/dev/sdb1: LABEL="mydocuments" UUID="0AAACA9649E772A8" TYPE="ntfs"
/dev/sdb2: UUID="697d8f2a-4d77-4a4c-b48a-a90a525e31b1" TYPE="ext4"
/dev/mapper/secret-disk: UUID="a6fca341-8e25-463b-8e67-7b6a1fdc82c7" TYPE="ext4"

:~$ sudo swapoff -a
:~$ sudo cryptsetup -d /dev/urandom create cryptswap /dev/sda6
:~$ sudo mkswap -f /dev/mapper/cryptswap -v1

:~$ sudo reboot

:~$ sudo blkid # after reboot
[sudo] password for thebiz:
/dev/sda1: LABEL="Win7" UUID="FAEEAD46EEACFBCF" TYPE="ntfs"
/dev/sda2: UUID="123EABF73EABD251" TYPE="ntfs"
/dev/sda4: LABEL="LENOVO_PART" UUID="32588AD8588A9A6D" TYPE="ntfs"
/dev/sda5: LABEL="Ubuntu" UUID="0288dc9a-30c5-4a83-ace9-c8c93318a798" TYPE="ext4"
/dev/sda7: LABEL="CentOS" UUID="722a724d-9bdb-4e6b-b7c0-4e7a22e24380" TYPE="ext4"
/dev/sda8: UUID="8528880f-a0d6-4e5a-8f59-a445f72d8863" TYPE="swap"
/dev/sda9: LABEL="OpenSUSE" UUID="7cf9c051-88ce-4d17-905c-d39d2c58c415" UUID_SUB="3d3fdd6b-5511-41fe-ac5e-fbb6f4a2d7b1" TYPE="btrfs"
/dev/sda10: UUID="cad1d000-7ecd-453d-bb3e-c28790d85bee" TYPE="swap"
/dev/sda11: UUID="6d721972-8566-409e-b796-c1429d7670b0" TYPE="crypto_LUKS"
/dev/sdb1: LABEL="mydocuments" UUID="0AAACA9649E772A8" TYPE="ntfs"
/dev/sdb2: UUID="697d8f2a-4d77-4a4c-b48a-a90a525e31b1" TYPE="ext4"
/dev/mapper/secret-disk: UUID="a6fca341-8e25-463b-8e67-7b6a1fdc82c7" TYPE="ext4"

Diagnostic information B:

thebiz@thebizbot:~$ sudo cryptsetup luksFormat /dev/sda6

WARNING!
========
This will overwrite data on /dev/sda6 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

thebiz@thebizbot:~$ cat /etc/crypttab
swapcrypt /dev/sda11 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
secret-disk UUID=6d721972-8566-409e-b796-c1429d7670b0 none luks

Click Here!