3

I have my external drives setup with LUKS + password. I would like to increase the security to password + keyfile. For internal storage this seems to be trivial but I'm not sure how to approach this for an external drive. /dev/sdX seems like a poor choice for external drives and I can't find the UUID for the USB-drive.

I've tried:

  • blkid - this gives the UUID for the local LUKS drives e.g. `/dev/sdc1' but not for any of the external drives with LUKS
  • The sudo dmsetup deps -o devname returns the drives e.g. (sde) and (sdc1) but no UUID.
  • cat /proc/mounts gives me where the LUKS mappers are mounted but not anything more detailed.
  • I've tried unmounting a drive but that didn't do that much good and the drive seems to still be mapped in /dev/mapper

Using lsblk as suggested by AlexP

The lsbslk output does give the UUID but it isn't trivial to interpret:

NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT          NAME           MOUNTPOINT          UUID
sda              8:0    0   477G  0 disk                      sda                                
├─sda1           8:1    0   512M  0 part  /boot/efi           ├─sda1         /boot/efi           F2BB-F970
├─sda2           8:2    0 412,5G  0 part  /                   ├─sda2         /                   4d1c2b61-d9eb-4a3f-b4cf-fae15479670c
└─sda3           8:3    0  63,9G  0 part                      └─sda3                             31b267cb-c89f-4662-a68b-74667fb26b48
  └─cryptswap1 252:0    0  63,9G  0 crypt [SWAP]                └─cryptswap1 [SWAP]              b854bc4f-e822-4917-9373-18eba9b2eb35
...
sde                                                                                              1a3d7d94-373e-4087-aadd-0b3ce09078b5
└─luks-1a3d7d94-373e-4087-aadd-0b3ce09078b5
               252:4    0  16,4T  0 crypt /media/musr/Ext_icy └─luks-1a3d7d94-373e-4087-aadd-0b3ce09078b5
                                                                            /media/musr/Ext_icy  42d1104f-3a51-4950-ac70-f3ea1148760c

It looks like there are two UUID's reported for sde - one for the drive and one for the mounted LUKS

Community
  • 1
Max Gordon
  • 195

1 Answers1

11
sudo lsblk -o +name,mountpoint,uuid

The sudo is important to show unmounted partitions.

Disks don't necessarily have UUIDs, only partitions usually do. UUIDs are metadata which need to be stored on the partition in a format understood by the system. The system understands UUID of partitions which are formatted ext3, ext4, swap, LUKS, FAT, LVM and so on. On disks which use the relatively new GPT partition table, partitions also have a partuuid which is stored in the partition table, and you can access them as entries in /dev/disk/by-partuuid/.

AlexP
  • 10,197
  • Awesome, will try on Monday when I'm back at work. Thanks! – Max Gordon Nov 11 '16 at 16:13
  • Your answer works like a charm. You mention that disks don't have UUIDs, from the lsblk output it seems that there are two UUID's. Could you explain the difference between them and ideally also which one to use? – Max Gordon Nov 14 '16 at 07:19
  • So the /etc/crypttab should have the LUKS container - 1a3d7... – Max Gordon Nov 14 '16 at 09:06
  • @AlexP I think you're replying to the wrong post. You're replying to the correct answer here, not the OP. You might consider removing your replies or moving them. Removing probably better as they just repeat the accredited answer. – RichieHH Oct 27 '23 at 08:15