On 04/06/2016 07:59 AM, David Christensen wrote: > On 04/05/2016 10:38 PM, Milan Broz wrote: >> On 04/06/2016 06:25 AM, David Christensen wrote: >> LUKS device cannot be used with random volume key, so I guess you use >> just plain device without header. (So obviously header backup fails because >> there is no header.) Just one correction of my own words - LUKS key has random volume key, just it is generated once and stored in keyslots. It cannot be easily just regenerated on every boot (or you have to run luksFormat - and this makes no sense, plain device fits better here). > Thank you for the information. > > >> >> You can verify it by checking entry in /etc/crypttab - no luks keyword: >> >>> # grep sda2 /etc/fstab >>> /dev/mapper/sda2_crypt none swap >> >> or running "cryptsetup status sda2_crypt" over unlocked device >> (type is LUKS1 for LUKS devices) > > # cryptsetup status sda2_crypt > /dev/mapper/sda2_crypt is active and is in use. > type: PLAIN > cipher: aes-xts-plain64 > keysize: 256 bits > device: /dev/sda2 > offset: 0 sectors > size: 976896 sectors > mode: read/write > > > So, what I'm seeing is expected and correct, because a random-key > encrypted swap uses dm-crypt on the raw partition, there is no LUKS > container, and therefore no LUKS header to back up (?). Yes, that's correct - you can also see that data offset as 0 sectors, so the whole device is used. In fact, there is no need to run any backup - the whole swap device should get new random key and is reformatted (mkswap) on every boot. (It cannot be used for hibernation.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
