
I've followed this page to make a partition encrypted.

When I format the created luks volume I do this:

```
root@M17A:/home/mike# sudo mkfs.ext4 /dev/mapper/cryptpart
mke2fs 1.45.5 (07-Jan-2020)
Creating filesystem with 25595904 4k blocks and 6406144 inodes
Filesystem UUID: d92e97e5-c89f-4b24-b63f-e36fcdb98da9
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624, 11239424, 20480000, 23887872
...
```

That UUID there "d92e..." then becomes incorporated into the location, without me configuring it, so that the path to the root directory of the ready-for-use now unlocked encrypted volume is

```
/media/mike/d92e97e5-c89f-4b24-b63f-e36fcdb98da9
```

From this location I got the idea of running a command like this:

```
sudo cryptsetup config /dev/sdc3 --label MAIN
```

... where /dev/sdc3 is the partition which has now been encoded. But it doesn't work: when I boot up, this sdc3 partition is indeed given the alias "MAIN", but this disappears when I enter the password to unlock the partition. The partition then goes back to being "105 GB Volume", and the actual path to the ready-for-use root directory of the now unlocked luks volume is as above.

Needless to say, I have tried many, many permutations to try and get the encryption system to accept a configured path chosen by me. To no avail.

I have set up a symlink for ease of use. But it's still irksome and I want to know if there's any way of telling the encryption app to configure with a particular path such as "/media/mike/MAIN" when it unlocks the luks volume.

mike rodent

1 Answer


You need to label the ext4 filesystem you are mounting, not the LUKS container. So after unlocking it, run

```
sudo e2label /dev/mapper/cryptpart MAIN
```

(I am assuming the LUKS cleartext device is called /dev/mapper/cryptpart here because you used the same device name in your question when formatting it to ext4. If the name changed (depends on how you open/unlock the device), adjust the /dev/mapper/<device name> part accordingly. You can run lsblk to check the name if you are not sure.)

Or, to be more precise, you need to do both -- label the LUKS container to have the name displayed when it's locked (before you enter the passphrase) and also the filesystem to use the label in the mountpoint. The filesystem label is used when mounting (because you are mounting the filesystem, this is the same as for unencrypted devices), the LUKS label is used when the device is locked (because at that time the filesystem header on the disk which contains the filesystem label is encrypted).

Vojtech Trefny
  • Thanks... I'm struggling to understand what to do at this point. Entering that command as is, I get "e2label: No such file or directory while trying to open /dev/mapper/cryptpart Couldn't find valid filesystem superblock." ... but maybe I am meant to run that command *before* I mount things? – mike rodent Jan 02 '22 at 14:39
  • But I tried that too, at reboot: same error. – mike rodent Jan 02 '22 at 14:48
  • You must first open/unlock the LUKS device using `sudo cryptsetup luksOpen /dev/sdc3 cryptpart` and then run the `e2label` command. I'm not sure how you are opening the device, but you used `/dev/mapper/cryptpart` when running `mkfs` in the question so I assumed the device name didn't change. You can check with `lsblk`. `e2label` works for mounted devices too so it doesn't matter whether it is mounted or not. – Vojtech Trefny Jan 02 '22 at 14:53
  • I checked the tutorial you are using. If you didn't change the device name in `/etc/crypttab`, it should still be `/dev/mapper/cryptpart`; if you changed the name in there (first column), you need to use the new name: `/dev/mapper/`. – Vojtech Trefny Jan 02 '22 at 14:59
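
The procedure from the answer and its comments as one script, added here as an example (not code posted by anyone in the thread): it labels the LUKS2 header, unlocks the volume if needed, labels the ext4 filesystem and lists both labels. `/dev/sdc3`, `cryptpart` and `MAIN` come from the thread; the `DRY_RUN` switch, the function names and the label length check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original thread.
# DRY_RUN (assumed switch): 1 = only print the commands, 0 = execute them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ext4 stores its label in a 16-byte superblock field; a longer label would be
# truncated by e2label. ASCII labels are assumed (one character = one byte).
check_label() {
    [ -n "$1" ] && [ "${#1}" -le 16 ]
}

# label_luks_and_fs PARTITION MAPPING_NAME LABEL
label_luks_and_fs() {
    part="$1"; name="$2"; label="$3"
    check_label "$label" || { echo "label must be 1-16 characters" >&2; return 2; }

    # 1. Label in the LUKS2 header: stored unencrypted, so it is what the
    #    desktop can show while the volume is still locked.
    run cryptsetup config "$part" --label "$label" || return 1

    # 2. Unlock the container unless /dev/mapper/<name> already exists.
    [ -b "/dev/mapper/$name" ] || run cryptsetup luksOpen "$part" "$name" || return 1

    # 3. Label of the ext4 filesystem inside the container: only readable
    #    after unlocking, and the one used for the mount point.
    run e2label "/dev/mapper/$name" "$label" || return 1

    # 4. Show both layers: the crypto_LUKS row and the ext4 row should
    #    now carry the same LABEL.
    run lsblk -o NAME,FSTYPE,LABEL "$part"
}

# Defaults are the values used in the thread.
label_luks_and_fs "${1:-/dev/sdc3}" "${2:-cryptpart}" "${3:-MAIN}"
```

With the default `DRY_RUN=1` the script only prints the four commands; run it as root with `DRY_RUN=0` to apply them.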