Well, I cannot tell you anything about LVM2 (I think it complicates things without need or benefit), but as far as I can see, it is not yet involved. Now, your problem is not in the FAQ because it is not a LUKS problem. The thing is that an extended partition (sda4) is not a (data-)partition! What it is is a "partition container" where you can put logical partitions in. It really is not a surprise cryptsetup (or anything else) cannot read or write it. You have 2 choices: 1. Make sda4 a primary partition (thereby making yourself unable to create any additonal partitions, as there is only space for 4 primary ones) 2. Create a logical partition of desired size in sda4 and put LUKS on that. Arno On Fri, Mar 21, 2014 at 01:59:27 CET, Tom Roche wrote: > > summary: LUKS newbie wants to LUKS/LVM2 on a dualboot, but several attempts to `cryptsetup luksFormat` the target partition have failed. > > details: > > (Apologies if this is a FAQ, but I'm not seeing answers from "the FAQ" > > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions > > or DDGing or googling the Subject above, as well as differing combinations of its terms.) > > I have a laptop that came with Windows, which I previously dualbooted with a Debian Linux (LMDE), and on which I previously experimented with LUKS. It currently has > > $ sudo fdisk -l /dev/sda > > Warning: invalid flag 0x0000 of partition table 5 will be corrected by w(rite) > > > Disk /dev/sda: 500.1 GB, 500107862016 bytes > > 255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors > > Units = sectors of 1 * 512 = 512 bytes > > Sector size (logical/physical): 512 bytes / 512 bytes > > I/O size (minimum/optimal): 512 bytes / 512 bytes > > Disk identifier: 0xce0b2a49 > > > Device Boot Start End Blocks Id System > > /dev/sda1 2048 34818047 17408000 27 Hidden NTFS WinRE > > /dev/sda2 * 34818048 239618047 102400000 7 HPFS/NTFS/exFAT > > /dev/sda3 239618048 240642047 512000 83 Linux > > /dev/sda4 240642048 976773119 368065536 5 Extended > > I'd like to keep the first 2 partitions (i.e., their current contents should be kept as-is): > > - /dev/sda1 = OEM diagnostics > - /dev/sda2 = OEM Windows > > and redo the latter partitions (i.e., their current contents can be lost): > > + /dev/sda3 = Linux boot > + /dev/sda4 = to be LVM2-manageable, LUKS-encrypted > > I'm now experimenting with PePa's script for installing LMDE with LUKS and > LVM2 > > http://j.mp/makelmdescript > > which I've copied to a git repo > > https://bitbucket.org/tlroche/install_resizable_encrypted_lmde > > to facilitate better collaboration, extension, etc. I've added the script > > https://bitbucket.org/tlroche/install_resizable_encrypted_lmde/raw/HEAD/install_LMDE_plus_LUKS_LVM2.sh > > to a LiveUSB installer of LMDE-201403 (the latest), which boots and installs correctly: i.e., I have used that LiveUSB for another install (which appears good), and it boots the box on which I want to install the LMDE/LUKS/LVM2 combination. Once booted, I can > > 1. open a terminal (to bash) > 2. run `cryptsetup benchmark` > 3. open the script in an editor > 4. `sudo -i` to become root > 5. start running lines from the script (to learn more about it) > > My problem is when I first start try to encrypt /dev/sda4: > > # cryptsetup isLuks /dev/sda4 # null response > # echo -e "cryptsetup isLuks==$?" > > cryptsetup isLuks==1 > # cryptsetup luksFormat --cipher=serpent-xts-plain64 --key-size=256 --hash=sha256 /dev/sda4 > > > > WARNING! > > ======== > > This will overwrite data on /dev/sda4 irrevocably. > > > > Are you sure? (Type uppercase yes): YES > > Enter passphrase: > > Verify passphrase: > > Cannot wipe header on device /dev/sda4. > > How to fix? Some things I've tried (knowing almost nothing about LUKS or dm-crypt): > > 1. different cipher=aes-xts-plain64 (though `cryptsetup benchmark` shows serpent running much faster on my hardware): no change (wasn't expecting one :-) > > 2. `wipefs -a /dev/sda4`, then rerun `cryptsetup luksFormat ...`: no change. > > 3. `dd if=/dev/zero of=/dev/sda4`, then rerun `cryptsetup luksFormat ...`: no change. > > In addition to the general question (how to fix?) I'd also like to know more about the cause: is this problem related to > > * the warning above? > > > Warning: invalid flag 0x0000 of partition table 5 will be corrected by w(rite) > > * the fact that I'm attempting to install to an extended partition. E.g., do I need to create a logical partition=/dev/sda5 inside the extended partition=/dev/sda4 ? > > Your assistance is appreciated, Tom Roche <Tom_Roche@xxxxxxxxx> > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
