Also, if you are sure this is a satisfactory solution, please mark this thread as [Solved].
]]>If you are going for plausible deniability apparently you do in fact want to encrypt the whole disk. Have you tried /dev/disk/by-id/? It isn't perfect, but it may work.
This solution works.
]]>What exactly is not working? It shouldn't matter if the USB device maps to /dev/sda because the partition with that UUID still resides on the same disk.
I guess I should be more clear. The entire sda device is encrypted. This meas that during the initialization there is no UUID is read from the disk because the filesystem cannot be read until it is unencrypted.
This leaves me in a catch 22 where I cannot use UUID until the device is unencrypted, but I need UUID to boot & decrypt the device properly. Here is an example of what the computer sees in the Arch Install.
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sdb iso9660 ARCH_201501 2015-01-01-09-54-22-00
├─sdb1 iso9660 ARCH_201501 2015-01-01-09-54-22-00 /run/archiso/bootmnt
└─sdb2 vfat ARCHISO_EFI 9051-9287
sdc
└─sdc1 vfat 4EC5-5B7D (normally /boot)
...
As you can see, sda has no uuid.
So I guess what I'm asking is if there is any alternative method because it does not look like I can use anything in the wiki.
]]>cryptdevuce=UUID=xxxx-xxxx:root
sda
└ root /
sdb
└ sdb1 /boot
This forces the use of /dev/sda for booting, but occasionally a USB device is mapped to sda instead.
Is there a way to use Persistent Block Device Naming for this type of FDE?
]]>