Can VeraCrypt use persistent mount points on Linux?
Windows + VeraCrypt + encrypted volume absolute paths
On Windows I can mount VeraCrypt encrypted partitions/disks via a batch script which employs the device name displayed by mountvol.exe. Such an attribute is highly useful since rebooting can lead to alteration of the relative path (\Device\Harddisk1\Partition3 –> reboot –> \Device\Harddisk3\Partition3).
My batch script for veracrypt volumes on Windows (shortened form):
@echo
"C:\Program Files\VeraCrypt\VeraCrypt.exe" /v \\?\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ /l z /m label=Encrypted_1 /q
"C:\Program Files\VeraCrypt\VeraCrypt.exe" /v \\?\Volume{yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy}\ /l f /m label=Encrypted_2 /q
[...]
pause
Linux + VeraCrypt + encrypted volume relative paths only?
I have no knowledge of a command parallel to Windows' /v \\?\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ available for the Linux command line. I tried (in vain) the --mount=/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx flag, since the mountvol.exe volume name is (probably) based on the UUID number (imperceptible for blkid, though). Official veracrypt/truecrypt documentation allows a Linux user to operate only with relative (variable) paths (/dev/sda3 –> reboot –> /dev/sdc3). Due to this inconstancy, paths have to be verified each time after the OS is loaded.
My bash script for mounting veracrypt volumes on Linux (shortened form):
#! /bin/bash
#
echo "Encrypted_1" && veracrypt --mount /dev/sdq --slot=12 --verbose && echo "Encrypted_1"
echo "Encrypted_2" && veracrypt --mount /dev/sdz3 --slot=1 --verbose && echo "Encrypted_2"
[...]
Solution?
Does anyone know whether a VeraCrypt volume location can be described in absolute terms on Linux?
If it is not possible, please provide suggestions for achieving the same objective (e.g. udev? fstab?).
Erratum
mountvol.exe recognizes GUID, not UUID as was written above.
Best Answer
I have elaborated below on the answer posted by David Foerster and made it more descriptive and clear for other Linux users interested in the presented subject.
Linux + VeraCrypt + encrypted volume absolute paths
According to my research, it seems that assigning an absolute path to a VeraCrypt volume is impossible (at least currently) (vide: the by-id and by-path entries on wiki.archlinux.org under Persistent block device naming (1)).
Linux + VeraCrypt + semi-persistent block device naming
However, we can use semi-persistent block device naming.
1. by-path
/dev/disk/by-path/ depends on shortest physical path (2) and changes as port of controller is switched (3).
To obtain /dev/disk/by-path/ descriptor, type:
You can use obtained naming to mount VeraCrypt volume:
/dev/disk/by-path/[by-path] can replace relative path in bash script:
2. by-id
/dev/disk/by-id/ is created according to device serial number (4). wiki.archlinux.org states that /dev/disk/by-id/ cannot survive hardware changes i.e. scenario where device is plugged to port of controller subjected to different subsystem (5). access.redhat.com, on the other side, claims that /dev/disk/by-id/ can be maintained even if device is accessed by different systems (6). Thus, symlink appears to be quite stable in case of /dev/disk/by-id/ being applied.
To obtain /dev/disk/by-id/ device naming, type:
Now, when you have correct one, it can be used to mount VeraCrypt volume:
Analogously to what was noted in paragraph one, /dev/disk/by-id/ can be used in bash script:
Maybe it will be helpful for someone.
Addendum
/dev/disk/by-id/ is not stable enough to forget about correcting mounting script after reboot.
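Because the addendum notes that /dev/disk/by-id/ names can still change, a mount script can check each symlink before handing it to VeraCrypt and skip volumes whose link no longer resolves. The following is an added example, not part of the original answer; the by-id names are constructed placeholders, the function names are hypothetical, and the veracrypt flags are the ones used in the question's script.

```shell
#!/bin/bash
# Added example: mount VeraCrypt volumes by persistent symlink, failing closed.
# The by-id names and slot numbers in main() are constructed placeholders.

# Print the kernel device a persistent symlink currently points to.
# Returns 1 if the path is not a symlink or the link is dangling.
resolve_volume() {
    local link="$1" target
    [ -L "$link" ] || return 1
    target=$(readlink -e -- "$link") || return 1
    printf '%s\n' "$target"
}

# Mount one volume: $1 = persistent symlink, $2 = VeraCrypt slot.
# Return codes: 1 = link did not resolve, 2 = target is not a block device.
mount_volume() {
    local link="$1" slot="$2" dev
    if ! dev=$(resolve_volume "$link"); then
        echo "skip: $link does not resolve" >&2
        return 1
    fi
    if [ ! -b "$dev" ]; then
        echo "skip: $link -> $dev is not a block device" >&2
        return 2
    fi
    echo "mounting $link (currently $dev) in slot $slot"
    veracrypt --mount "$link" --slot="$slot" --verbose
}

main() {
    local rc=0
    mount_volume /dev/disk/by-id/EXAMPLE-DISK-SERIAL-1 12 || rc=1
    mount_volume /dev/disk/by-id/EXAMPLE-DISK-SERIAL-2-part3 1 || rc=1
    return "$rc"
}

# Only mount when asked to, so the functions can be sourced and checked.
if [ "${1:-}" = "--mount" ]; then
    main
fi
```

Run it with the --mount argument after replacing the placeholder names with entries listed in /dev/disk/by-id/ on your system; the message printed before each mount shows which /dev/sdX node the link resolved to on this boot.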