How can I set a label on a dm-crypt+LUKS container?


Solution 1

For a permanent solution to change the label of the container, use:

sudo cryptsetup config /dev/sdb1 --label YOURLABEL

Solution 2

This method seems to have worked for me: http://www.cyberciti.biz/faq/linux-partition-howto-set-labels/

So, if you are using an EXT filesystem (I'm using ext4 here):

  1. Unlock the LUKS partition.
  2. Set the name of the unlocked filesystem (not LUKS partition).

    e2label <path> <name>
    

    The path generally is /dev/mapper/<something> if using cryptsetup. But in my case, because I'm using udisks, it was /dev/dm-x, where x is a number.

I think this method stores the information on the removable media, as you wanted, but I haven't tested it yet.

Solution 3

I think the solution is to write udev rules like this.

KERNEL=="sd*", ENV{ID_FS_UUID}=="your-sdb1-uuid", ENV{ID_FS_LABEL}="Partition_1", ENV{ID_FS_LABEL_ENC}="Partition_1"
KERNEL=="sd*", ENV{ID_FS_UUID}=="your-sdb2-uuid", ENV{ID_FS_LABEL}="Partition_2", ENV{ID_FS_LABEL_ENC}="Partition_2"

Solution 4

I've found the combination of the answers by @kristóf-szalay and @someone to be what I want, and I've added some notes.

Specifically:

sudo cryptsetup config /dev/sdb1 --label YOURLABEL

In terms of the original question, this will allow the icon in your DM to show with YOURLABEL.

If you were to open the crypt by double clicking, it'll be mounted as

/media/user/uuid
e.g.:
/media/fred/e54e89a-.....

Which again could cause confusion, say if you're in the CLI.

By doing:

e2label <path> <name>

That name will cause the mounted path to take on the value of <name>:

/media/fred/name
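
Added example (not part of the original answers): as Torin's comment notes, `cryptsetup config --label` only works for LUKS2 headers, and the label it writes sits in the unencrypted header, which is why it shows up before unlocking and why it should not repeat anything sensitive. This read-only Bash check reports the header version and the cleartext label; the function names and the sample header stub are constructed for illustration, and the offsets assume the LUKS2 on-disk header layout.

```bash
#!/usr/bin/env bash
# Added example: read-only look at a LUKS header (never writes to the device).
# Assumed layout: magic[6], version (uint16, big endian), hdr_size (8 bytes),
# seqid (8 bytes), then the LUKS2 label[48] starting at byte 24.

luks_header_info() {
    local dev=$1 magic version label
    magic=$(dd if="$dev" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "4c554b53babe" ]; then          # "LUKS" 0xba 0xbe
        echo "not-luks"; return 1
    fi
    version=$(dd if="$dev" bs=1 skip=6 count=2 2>/dev/null |
              od -An -tu1 | awk 'NF == 2 { print $1 * 256 + $2 }')
    case "$version" in
        2)  # LUKS2: label is NUL-padded plain text, readable without the key.
            label=$(dd if="$dev" bs=1 skip=24 count=48 2>/dev/null | tr -d '\000')
            echo "luks2 label=${label}" ;;
        1)  # LUKS1 has no label field, so `cryptsetup config --label` cannot apply.
            echo "luks1 no-label-field" ;;
        *)  echo "unknown-version"; return 1 ;;
    esac
}

# Hypothetical helper: writes a constructed 72-byte header stub (test data only).
make_sample_header() {   # usage: make_sample_header <version> <label> <file>
    {
        printf 'LUKS\272\276\000'                    # magic + high version byte
        printf "\\$(printf '%03o' "$1")"             # low version byte
        head -c 16 /dev/zero                         # hdr_size + seqid, zeroed
        printf '%s' "$2"
        head -c $((48 - ${#2})) /dev/zero            # NUL-pad label to 48 bytes
    } > "$3"
}

sample=$(mktemp)
make_sample_header 2 "Partition_1" "$sample"         # constructed sample input
luks_header_info "$sample"
rm -f "$sample"
```

On a real drive, pass the partition path (such as the /dev/sdb1 used in the answers) to `luks_header_info`, with read access to the device.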

Author by

yorkshiredev

Updated on September 18, 2022

Comments

  • yorkshiredev
    yorkshiredev over 1 year

    I just received a new USB flash drive, and set up 2 encrypted partitions on it. I used dm-crypt (LUKS mode) through cryptsetup. With an additional non-encrypted partition, the drive has the following structure:

    • /dev/sdb1, encrypted, hiding an ext4 filesystem labelled "Partition 1".
    • /dev/sdb2, encrypted, hiding another ext4 filesystem, labelled "Partition 2".
    • /dev/sdb3, clear, visible ext4 filesystem labelled "Partition 3".

    Because the labels are attached to the ext4 filesystems, the first two remain completely invisible as long as the partitions haven't been decrypted. This means that, in the meantime, the LUKS containers have no labels. This is particularly annoying when using GNOME (automount), in which case the partitions appear as "x GB Encrypted" and "y GB Encrypted" until I decide to unlock them.

    This isn't really a blocking problem, but it's quite annoying, since I really like my labels and would love to see them appear even when my partitions are still encrypted.

    Therefore, is there a way to attach labels to dm-crypt+LUKS containers, just like we attach labels to ext4 filesystems? Does the dm-crypt+LUKS header have some room for that, and if so, how may I set a label?

    Note that I don't want to expose my ext4 labels before decryption, that would be silly. I'd like to add other labels to the containers, which could appear while the ext4 labels are hidden.

    • Admin
      Admin over 8 years
      Was the USB drive partitioned with MBR or GPT? I believe you can label GPT partitions, which may help you.
    • Admin
      Admin over 8 years
      I lied (well, partially) - I created a GPT partition on a USB stick and used gdisk to give that partition a label. When I then created a filesystem on that partition, GNOME only recognised it as a "501 MB Volume". So while you can label it, GNOME doesn't recognise partition labels; only filesystem labels.
    • Admin
      Admin over 8 years
      @garethTheRed You checked at the same time as I did then! I reformatted my drive using GPT (I had used fdisk's default MBR mode), and partition names don't appear in GNOME. However, the question wasn't really GNOME-specific, and while the GPT names trick acts at a lower level, this might still be a valid solution to the problem I described. I'll wait a bit more to see if someone has a solution acting at the LUKS level, but I think GPT partition names could be the content of a valid answer.
    • Admin
      Admin over 8 years
      LUKS volumes don't have a name. They only get assigned one when the device is mapped, which can't happen until you've supplied the key. Your only solutions are to find some way to tell Gnome about some name that isn't “physically” attached to the volume, or to give a name to an encompassing volume (e.g. the partition). P.S. This question is fine here, and would be off-topic on Information Security since it isn't about security, it's about using an end-user tool that happens to do something security-related.
    • Admin
      Admin over 7 years
      If you set a partition label, you'll get an appropriately-named symlink in /dev/disk/by-partlabel. I know that doesn't help for tools that don't look there, but it does give a stable path you can use in scripts and such.
  • yorkshiredev
    yorkshiredev over 8 years
    Works like a charm! Even though I would have preferred a solution which involves storing the information on the removable media, I'm afraid I'll have to stick with some system-specific configuration after all. Besides, the question had become rather specific once GNOME got involved: I'm quite glad someone found a solution which doesn't depend on its behaviour.
  • yorkshiredev
    yorkshiredev about 8 years
    Thank you, but unfortunately this cannot work with LUKS containers, which conceal every bit of information about their inner filesystems (including their labels). The idea here was to name the LUKS container, not what's hidden inside it, so that the name would appear even when the container is still encrypted :p (see my 2nd paragraph)
  • Torin
    Torin over 4 years
    Might be worth specifying that this only works for LUKS2 headers, but definitely the best solution
  • Yuri Sucupira
    Yuri Sucupira over 2 years
    I wanted to label both the container (i.e. luks) partition and the encrypted/contained (i.e. ext4) one. Kristóf's answer helped me label the container partition and your answer helped me label the encrypted/contained one (after I "opened" it by providing its password). Thanks.