Re: cryptsetup luksClose

Thank you.


--- January 18, 2012 Milan Broz sent: ---

  On 01/17/2012 10:31 PM, Marc Schwarzschild wrote:
  >
  > Thank you.  I gather from this that I can safely halt or reboot
  > while a disk is mounted, right?
  
   From the LUKS metadata point of view, yes (the encryption key will
  still be in memory, but that's a different problem).
  
   From the filesystem POV above LUKS - it depends. If it is remounted
  read-only, there should be no data loss on [un]expected reboot.
  (If you reboot while some write IOs are in-flight, of course you get
  some corruption.)
  
  Anyway, distro initscripts should handle this during controlled
  shutdown for all mounted devices.
  
  Milan
  
  >
  > --- January 17, 2012 Milan Broz sent: ---
  >
  >    On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
  >    >  I am setting up an external USB encrypted drive. I can mount it
  >    >  manually after I boot the computer. I understand that I must
  >    >  issue the 'cryptsetup luksClose' after I umount the disk. How do
  >    >  I arrange for this as part of the Debian halt process so it
  >    >  happens automatically when the server is shutdown?
  >
  >    It is not cryptsetup's job; it should be part of initscripts/systemd
  >    to correctly unmap active devices on shutdown.
  >    (Usually it tries to unmap all crypto disks except the device
  >    with the root fs, which is just remounted read-only. Recent systemd is able
  >    to unmount even the root device properly.)
  >
  >    For hot-plugged disks it is usually handled by some GUI service,
  >    usually based on udisks.
  >
  >    >  What happens
  >    >  if there is a power failure and 'cryptsetup luksClose' was not
  >    >  executed?
  >
  >    For LUKS, no need to worry after power failure - luksClose
  >    just removes the kernel mapping (kernel state); it doesn't touch
  >    on-disk metadata at all.
  >    (Of course there can be some filesystem damage after power failure,
  >    but that's not LUKS related, it can happen even for unencrypted fs.)
  >
  >    Milan
  >

-- 

_________________________________________________________
Marc Schwarzschild 212-580-1175 The Brookhaven Group, LLC
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
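
The teardown order discussed in this thread (umount first, then `cryptsetup luksClose`), as an added example that is not part of the original messages or of Debian's initscripts. `MOUNTS_FILE`, `DRY_RUN`, the function names and the `usbcrypt` mapping name are assumptions of this sketch, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: release every mount backed by a dm-crypt mapping, then
# remove the mapping. Assumptions: MOUNTS_FILE (defaults to /proc/mounts)
# and DRY_RUN (defaults to 1, print commands instead of running them).

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# List mount points whose source is /dev/mapper/<name>, longest path first,
# so a nested mount is always released before its parent.
mapping_mountpoints() {
    awk -v dev="/dev/mapper/$1" '$1 == dev { print length($2), $2 }' \
        "${MOUNTS_FILE:-/proc/mounts}" | sort -rn | cut -d' ' -f2-
}

# Unmount everything on the mapping, then close it. Stops at the first
# failed umount: luksClose on a busy mapping would fail anyway.
close_mapping() {
    mapping_mountpoints "$1" | while IFS= read -r mp; do
        # /proc/mounts encodes spaces as \040; printf %b decodes them.
        run umount "$(printf '%b' "$mp")" || exit 1
    done || return 1
    run cryptsetup luksClose "$1"
}

# Constructed sample in /proc/mounts format (not from a real system).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/usbcrypt /mnt/backup ext4 rw,relatime 0 0
/dev/mapper/usbcrypt /mnt/backup/old\040photos ext4 rw,relatime 0 0
/dev/mapper/other /srv ext4 rw,relatime 0 0
EOF
}
```

With `DRY_RUN=0` and root privileges, `close_mapping usbcrypt` runs the commands instead of printing them. Mounts from other devices nested under the same mount point are not handled.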

