Mailinglist Archive: opensuse (3831 mails)

Re: [opensuse] encrypted usb drives - fixed mount points
  • From: "Dennis E. Slice" <dslice@xxxxxxxxxxxxxxxxx>
  • Date: Tue, 16 Jan 2007 13:15:41 -0500
  • Message-id: <45AD164D.6030009@xxxxxxxxxxxxxxxxx>
Well, I have my system the way I want it. Thought I would post a summary
that might help others.

CPU: Dell gx240
OS: SUSE 10.0

I bought a Western Digital 320GB mybook to replace/augment a WD120GB
drive. Liked it, so I bought another.

Basically, I connected the drives and used YAST2|System|Partitioner to
delete the FAT32 partition that came with the drive, then created a
single encrypted reiserfs partition on each drive.

For unencrypted drives, an entry with something like /dev/sda1 is
entered into the fstab. For encrypted ones, a similar entry is made in
/etc/cryptotab.

To specify where each drive is mounted (you can't know if it will be
sda, sdb, etc.) reference the drive by its entry in /dev/disk/by-id/
(see below). I.e., simply replace /dev/sda or whatever with the
appropriate /dev/disk/by-id/... There are two entries in this directory
for each drive - one with and one without the -parti. The one without is
the physical drive, the one with is the partition on that drive. I
suppose other -partis would appear if you had more partitions. You can
unplug drives to figure out which is which if you are working with
identical drives.

File contents (<snip> was a long serial number of the drive):

In /etc/fstab...

/dev/disk/by-id/usb-WD_1200BB_<snip>-part1 /media/USB120 reiserfs user,noauto,acl 0 0


In /etc/cryptotab...

/dev/loop0 /dev/disk/by-id/usb-WD_<snip>-part1 /media/USB320_0 reiserfs twofish256 acl,user_xattr
/dev/loop1 /dev/disk/by-id/usb-WD_<snip>-part1 /media/USB320_1 reiserfs twofish256 acl,user_xattr

NOTE: If you work with one drive at a time, the partitioner will put
multiple /dev/loop0s in the cryptotab. You have to give each a unique
number.

These encrypted drives don't automatically mount AFAIK, so I have a
little script I run as su when I (re)boot the computer. Something like:

script: usbmount...

umount /dev/sda1
umount /dev/sdb1
umount /dev/sdc1
/etc/init.d/boot.crypto start
mount /media/wd120


There are some leftovers in this script: the encrypted drives (in
/etc/cryptotab) don't automatically mount. The umount commands were
there to unmount the unencrypted USB120 when I was transferring files -
it needed to be remounted for performance.

The encrypted partitions are mounted by the "/etc/init.d/boot.crypto
start" line and you are asked for the password for the encrypted volumes.

One thing to note. My system had USB1.1, so I bought a cheap USB 2.0 PCI
card. For unencrypted drives, that improved performance 20X, but only
around 10X for encrypted volumes. That is, there is about a 50%
performance hit due to running encryption, but it is not really
noticeable to me in use.

Hope this helps someone.

Ciao and thanks to all who helped me.

Dennis E. Slice wrote:
> Hi, All.
>
> I have been using an external WD 120GB USB drive, and have just added a
> WD320 MyBook. To upgrade my overall security, I formatted the latter as
> an encrypted drive using the SUSE partition manager. I like it, and am
> thinking of getting a matching drive so I can have a data drive and a
> backup - WD320A and WD320B.
>
> The problem I have is that I cannot anticipate where the different
> drives will be attached during boot up - /dev/sda1, /dev/sdb1. If these
> change, and they do, my mount points become useless.
>
> For unencrypted drives, I have found that one can mount by label in
> /etc/fstab, e.g., LABEL=WD320A, and can set the label using the SUSE
> partitioning program.
>
> I cannot, however, find a similar procedure for encrypted partitions -
> you cannot, apparently, specify a label for an encrypted drive/partition
> with the provided partition program.
>
> I have searched a bit, but can find no solution on the web or news groups.
>
> To summarize, I would like to either force the mounting of encrypted
> partitions on external USB drives to /dev/sda1, etc. Or, would like to
> be able to mount encrypted drives correctly without regard to their
> /dev/sdxx.
>
> Does anyone have a solution to this problem? Can someone point me toward
> a relevant discussion?
>
> OS: SUSE 10.0
>
> TIA

--
Dennis E. Slice
Department of Anthropology
University of Vienna
========================================================
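
The two pitfalls in the message above (the partitioner writing several /dev/loop0 lines, and sdX names that move between boots) can be checked before running boot.crypto. This is an added example, not part of the original post: a shell function that lints a cryptotab in the six-column layout quoted above. The function names and the EXAMPLE_* serials are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a cryptotab laid out like
# the one quoted above: loop device, backing device, mount point, then
# filesystem, cipher and options.

# check_cryptotab FILE -> prints one line per finding.
# Returns 0 if clean, 1 if anything was reported, 2 if FILE is unreadable.
check_cryptotab() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # comments, blank lines
        NF < 3 { printf "line %d: fewer than 3 fields\n", NR; bad = 1; next }
        {
            # Each volume needs its own loop device (the /dev/loop0 NOTE).
            if ($1 in loops) {
                printf "line %d: %s already used on line %d\n", NR, $1, loops[$1]
                bad = 1
            } else loops[$1] = NR
            # sdX names move between boots; by-id paths follow the drive.
            if (index($2, "/dev/disk/by-id/") != 1) {
                printf "line %d: %s is not under /dev/disk/by-id/\n", NR, $2
                bad = 1
            }
            # Two volumes on one mount point would shadow each other.
            if ($3 in mounts) {
                printf "line %d: %s already used on line %d\n", NR, $3, mounts[$3]
                bad = 1
            } else mounts[$3] = NR
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input; the EXAMPLE_* serials are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed cryptotab
/dev/loop0 /dev/disk/by-id/usb-WD_EXAMPLE_A-part1 /media/USB320_0 reiserfs twofish256 acl,user_xattr
/dev/loop0 /dev/disk/by-id/usb-WD_EXAMPLE_B-part1 /media/USB320_1 reiserfs twofish256 acl,user_xattr
/dev/loop2 /dev/sdc1 /media/USB320_2 reiserfs twofish256 acl,user_xattr
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_cryptotab "$sample" || echo "fix the entries listed above"
rm -f "$sample"
```

On a real system the call would be `check_cryptotab /etc/cryptotab`, run as a user who can read that file.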