I am partitioning an external 1TB HDD for a small embedded Linux system. I want to encrypt the swap partition. According to the cryptsetup FAQ, you need to use kernel device names (/dev/sda, etc.) in /etc/crypttab:
Specifying it directly by UUID does not work, unfortunately, as the UUID is part of the swap signature and that is not visible from the outside due to the encryption and in addition changes on each reboot.
This may become a problem if I attach/rearrange drives later and the device name changes. For example, say the swap is on /dev/sda3. Then I attach a different drive which becomes /dev/sda, pushing the original drive to /dev/sdb. If there exists a third partition on the new drive (now called sda3), it will try to encrypt that drive and use it as swap.
One option given is to make sure the partition number is not present on additional disks. So, finally, my question:
Can I use non-contiguous partition numbers? Will they persist across reboots? In other words, could I do this? Note the gap between sda4 and sda8:
/dev/sda1 primary /boot
/dev/sda2 primary /
/dev/sda3 primary /home
/dev/sda4 extended
/dev/sda8 swap (encrypted)
If so, I would feel pretty safe about never seeing sda8 on any other drive.
sda5 or sda6 or sda7 later, even if you leave plenty of space, without starting all over (and even then there are limitations). Be sure these partitions fulfill this device's needs for the life of this usage.
/dev/sda4 be your swap space?
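The risk raised in the question (a swap entry keyed from /dev/urandom following a kernel device name onto a different disk), as an added example that is not part of the original thread: a shell check that flags such /etc/crypttab entries. The sample crypttab and the by-id name are constructed placeholders; /dev/disk/by-id/ paths are udev's persistent symlinks and are assumed here as the stable alternative to /dev/sdXN.

```shell
#!/bin/sh
# Added example: flag crypttab entries that are re-keyed from /dev/urandom on
# every boot AND name their source by kernel device name (sda8, nvme0n1p3...).
# Such an entry is reformatted at boot on whatever partition holds that name.

# Constructed sample input; the by-id name is a placeholder, not a real disk.
sample_crypttab() {
cat <<'EOF'
# <name>  <source device>  <key file>  <options>
swap_a    /dev/sda8        /dev/urandom  swap,cipher=aes-xts-plain64,size=256
swap_b    /dev/disk/by-id/ata-EXAMPLE_DISK_SERIAL-part8  /dev/urandom  swap
home      /dev/sda3        none          luks
EOF
}

# audit_crypttab: reads crypttab text on stdin and prints one verdict per
# random-keyed entry: "RISK <name> <source>" or "OK <name> <source>".
audit_crypttab() {
  awk '
    NF < 3 || $1 ~ /^#/ { next }          # skip blanks, comments, short lines
    $3 !~ /^\/dev\/u?random$/ { next }    # only volumes re-keyed on every boot
    {
      # Kernel names are assigned in probe order and can move between disks.
      unstable = ($2 ~ /^\/dev\/(sd|hd|vd|xvd)[a-z]+[0-9]*$/ ||
                  $2 ~ /^\/dev\/(nvme[0-9]+n[0-9]+|mmcblk[0-9]+)(p[0-9]+)?$/)
      verdict = unstable ? "RISK" : "OK"
      print verdict, $1, $2
    }'
}

# Demo on the constructed sample; on a real system: audit_crypttab < /etc/crypttab
sample_crypttab | audit_crypttab
```

Entries with a fixed key (such as the `home` line) are skipped because a wrong source device there fails to unlock instead of being overwritten.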