On 04/10/2017 03:07 PM, 7heo wrote: > Hello all, > > I have a question regarding the deported headers in LUKS, and how it > can be used to simplify the setup of RAID over LUKS: > > The current way to automatically unlock all the drives used in a Raid > array seems to be to add the same key to all the drives in the > array. > > However that doesn't work with detached headers for obvious reasons. > The detached headers can apparently be used on any number of > devices/files at the same time, with one problem: they all have the > same UUID. I tried using the --uuid flag with luksOpen without > success. You cannot change UUID for activated LUKS device, UUID must match the header (otherwise libcryptsetup cannot handle many functions). But you can simply duplicate detached header and then change UUID inside that duplicated header (use luksUUID --uuid to do that). (IOW every device will have own header that differs only in UUID.) (In future there will be much simpler way to do that using kernel keyring but that will be part of LUKS2.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
