Can VeraCrypt use persistent mount points on Linux?

bash mount encryption paths veracrypt

Can VeraCrypt use persistent mount points on Linux?


Windows + VeraCrypt + encrypted volume absolute paths

On Windows I can mount veracrypt encrypted partitions/disks via batch script which employs device name displayed by mountvol.exe. Such an attribute is highly useful since rebooting can lead to alteration of relative path (\Device\Harddisk1\Partition3 --> reboot --> \Device\Harddisk3\Partition3).

My batch script for veracrypt volumes on Windows (shortened form):

@echo
"C:\Program Files\VeraCrypt\VeraCrypt.exe" /v \\?\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ /l z /m label=Encrypted_1 /q
"C:\Program Files\VeraCrypt\VeraCrypt.exe" /v \\?\Volume{yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy}\ /l f /m label=Encrypted_2 /q
[...]
pause


Linux + VeraCrypt + encrypted volume relative paths only?

I have no knowledge about the existence of parallel command to Windows' /v \\?\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ avaliable for the Linux commandline. I tried (in vain) --mount=/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx flag, since mountvol.exe volume name is (probably) based on UUID number (imperceptible for blkid, though). Official veracrypt/truecrypt documentation allows Linux user to operate only with relative (variable) paths (/dev/sda3 --> reboot --> /dev/sdc3). Due to inconstancy, paths have to be verified each time after the OS is loaded.

My bash script for mounting veracrypt volumes on Linux (shortened form):

#! /bin/bash
#
echo "Encrypted_1" && veracrypt --mount /dev/sdq --slot=12 --verbose && echo "Encrypted_1"
echo "Encrypted_2" && veracrypt --mount /dev/sdz3 --slot=1 --verbose && echo "Encrypted_2"
[...]


Solution?

Does anyone know whether VeraCrypt volume location can be described in absolute terms on Linux?

If it is not possible, please provide suggestions for achieving the same objective? (eg: udev? fstab?)

Erratum

mountvol.exe recognizes GUID, not UUID as was written above.


I have elaborated below answer posted by David Foerster and made it more descriptive and clear for other Linux users interested in presented subject.

Linux + VeraCrypt + encrypted volume absolute paths

According to my research, it seems that assignment of absolute path to VeraCrypt volume is impossible (at least currently) (vide: by-id and by-path entry on wiki.archlinux.org under Persistent block device naming (1)).

Linux + VeraCrypt + semi-persistent block device naming

However, we can use semi-persistent block device naming.

1. by-path

/dev/disk/by-path/ depends on shortest physical path (2) and changes as port of controller is switched (3).

To obtain /dev/disk/by-path/ descriptor, type:

ls -l /dev/disk/by-path/

You can use obtained naming to mount VeraCrypt volume:

veracrypt --mount /dev/disk/by-path/[by-path] --slot=6 --verbose

/dev/disk/by-path/[by-path] can replace relative path in bash script:

#! /bin/bash
#
echo "Encrypted_1" && veracrypt --mount /dev/disk/by-path/[by-path1] --slot=12 --verbose && echo "Encrypted_1"
echo "Encrypted_2" && veracrypt --mount /dev/disk/by-path/[by-path2] --slot=1 --verbose && echo "Encrypted_2"
[...]

2. by-id

/dev/disk/by-id/ is created according to device serial number (4). wiki.archlinux.org states that /dev/disk/by-id/ cannot survive hardware changes i.e. scenario where device is plugged to port of controller subjected to different subsystem (5). access.redhat.com, on the other side, claims that /dev/disk/by-id/ can be maintained even if device is accessed by different systems (6). Thus, symlink appears to be quite stable in case of /dev/disk/by-id/ being applied.

To obtain /dev/disk/by-id/ device naming, type:

ls -l /dev/disk/by-id/

Now, when you have correct one, it can be used to mount VeraCrypt volume:

veracrypt --mount /dev/disk/by-id/[id] --slot=6 --verbose

Analogously to what was noted in paragraph one, /dev/disk/by-id/ can be used in bash script:

#! /bin/bash
#
echo "Encrypted_1" && veracrypt --mount /dev/disk/by-id/[id1] --slot=12 --verbose && echo "Encrypted_1"
echo "Encrypted_2" && veracrypt --mount /dev/disk/by-id/[id2] --slot=1 --verbose && echo "Encrypted_2"

Maybe it will be helpful for someone.

Addendum

/dev/disk/by-id/ is not stable enough to forget about correcting mounting script after reboot.


Unfortunately the UUIDs and labels of the file system inside encrypted containers are inaccessible due to encryption and TrueCrypt/VeraCrypt containers don't carry UUIDs or labels on their own (or at least none that udev knows about as opposed to those of LUKS containers).

There's one other sufficiently stable identifier for storage volumes in Linux: disk IDs. You can find them in:

/dev/disk/by-id/

So far I never noticed any dramatic changes to the symbolic links in there, since the names are generated by

  • udev, whose basic storage configuration doesn't change often,
  • based on the manufacturer name, model name and serial number reported by the drive firmware, which also doesn't change often.

Related

External monitor not detected with USB-C adapter
How to install elementary OS AppCenter on Ubuntu?
How to determine gnome-terminal window ID in Ubuntu 17.10?
Slack misses tray indicator
Boot problem after update - missing 'lowerdir'
"csgo_linux64" is not responding
Drag and drop NOT working with Gmail in Firefox, on Ubuntu 18.04
Java 11 to 8: update-alternatives: error: no alternatives for mozilla-javaplugin.so
How can I expand all folders while in the list view?
Can I set a default "About Me" photo?
Adding an interface to a partial class
What is the advantage of partitioning a delta / spark table by year / month / day, rather than just date?