dm-crypt, I did get the scenario to seemingly work where I encrypt the whole block device, and use parted to create a partition on the device mapper device. I attached a file showing the command sequence.

My questions here are: Is this a valid use case, and also, can I set the starting block on my partition on the device mapper device to be at 1 MB, or would that conflict with any of the LUKS header info on the actual drive?

Steve Houtchen

From: Houtchen, Steven

Hello,

I am trying to use “cryptsetup” setup and “parted” together.

I want to use “cryptsetup” to encrypt a whole solid state disk, and then use “parted” to create partitions on it with a GPT partition table. I have been able to do the first task, but not the second.

Or vice versa. Create a few partitions, and then optionally encrypt each one individually. I have been able to do the first task, but not the second.

So my question is, is “cryptsetup” compatible with parted and GPT partition table? Or do I need to use something like “lvm2” to accomplish what I am trying to do?

I am using CentOS7 with

[root@dts1 ~]# cryptsetup --version
cryptsetup 1.6.7
[root@dts1 ~]#
[root@dts1 ~]# parted --version
parted (GNU parted) 3.1
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by <http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.
[root@dts1 ~]#

Thanks for any help you can give me.

Steve Houtchen

[root@dts1 ~]# wipefs -a /dev/rmc0 --force
/dev/rmc0: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54
/dev/rmc0: 8 bytes were erased at offset 0x7470c05e00 (gpt): 45 46 49 20 50 41 52 54
/dev/rmc0: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa
/dev/rmc0: calling ioclt to re-read partition table: Success
***
[root@dts1 ~]# dd if=/dev/zero of=/dev/rmc0 bs=512 count=1024
1024+0 records in
1024+0 records out
524288 bytes (524 kB) copied, 0.0241128 s, 21.7 MB/s
***
[root@dts1 ~]# cryptsetup luksFormat /dev/rmc0

WARNING!
========
This will overwrite data on /dev/rmc0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
[root@dts1 ~]# cryptsetup luksOpen /dev/rmc0
Command requires device and mapped name as arguments.
[root@dts1 ~]# cryptsetup luksOpen /dev/rmc0 devrmc0
Enter passphrase for /dev/rmc0:
[root@dts1 ~]#
***
[root@dts1 ~]# lsblk
NAME         MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda            8:0    0   7.6G  0 disk
+-sda1         8:1    0   200M  0 part  /boot
+-sda2         8:2    0   3.4G  0 part  /
+-sda3         8:3    0   200M  0 part  /home
sdb            8:16   1  58.4G  0 disk
+-sdb1         8:17   1  58.4G  0 part
sdc            8:32   0 465.8G  0 disk
+-devrmc0    253:0    0 465.8G  0 crypt
***
[root@dts1 ~]# parted /dev/mapper/devrmc0
GNU Parted 3.1
Using /dev/mapper/devrmc0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel
New disk label type? gpt
(parted) mkpart
Partition name?  []? iSCSI0:rmc0p1
File system type?  [ext2]?
Start? 8000
End? 16000
(parted) print
Model: Linux device-mapper (crypt) (dm)
Disk /dev/mapper/devrmc0: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name           Flags
 1      8000MB  16.0GB  8001MB               iSCSI0:rmc0p1

(parted) print
Model: Linux device-mapper (crypt) (dm)
Disk /dev/mapper/devrmc0: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name           Flags
 1      8000MB  16.0GB  8001MB               iSCSI0:rmc0p1

(parted) quit
Information: You may need to update /etc/fstab.
***
[root@dts1 ~]# lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda              8:0    0   7.6G  0 disk
+-sda1           8:1    0   200M  0 part  /boot
+-sda2           8:2    0   3.4G  0 part  /
+-sda3           8:3    0   200M  0 part  /home
sdb              8:16   1  58.4G  0 disk
+-sdb1           8:17   1  58.4G  0 part
sdc              8:32   0 465.8G  0 disk
+-devrmc0      253:0    0 465.8G  0 crypt
  +-devrmc0p1  253:1    0   7.5G  0 part
***
[root@dts1 ~]# cryptsetup luksDump /dev/rmc0
LUKS header information for /dev/rmc0

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        256
MK digest:      7a 17 c2 70 f1 fa 33 11 a7 ec ff bf e0 c4 f9 e2 38 ab 99 a3
MK salt:        34 14 70 c2 22 ea 11 4c 70 a8 9f 4d 06 ba c2 4f
                1c 89 04 e6 b9 17 7a b9 e1 03 8e 8d 78 a1 22 56
MK iterations:  6500
UUID:           78c5666f-ca4e-4127-982e-d04e85dc1329

Key Slot 0: ENABLED
        Iterations:             26100
        Salt:                   ad 42 10 c7 33 f5 0a fc c6 19 85 ff 2f ec 7a 33
                                60 80 4c dd 36 59 8e fa 2d ed 08 cf 55 98 61 98
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
[root@dts1 ~]# cryptsetup status devrmc0
/dev/mapper/devrmc0 is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/sdc
  offset:  4096 sectors
  size:    976769072 sectors
  mode:    read/write
***
[root@dts1 ~]# lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda              8:0    0   7.6G  0 disk
+-sda1           8:1    0   200M  0 part  /boot
+-sda2           8:2    0   3.4G  0 part  /
+-sda3           8:3    0   200M  0 part  /home
sdb              8:16   1  58.4G  0 disk
+-sdb1           8:17   1  58.4G  0 part
sdc              8:32   0 465.8G  0 disk
+-devrmc0      253:0    0 465.8G  0 crypt
  +-devrmc0p1  253:1    0   7.5G  0 part
***
[root@dts1 ~]# mkfs.ext4 /dev/mapper/devrmc0p1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
488640 inodes, 1953280 blocks
97664 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2000683008
60 block groups
32768 blocks per group, 32768 fragments per group
8144 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
***
[root@dts1 ~]# mount /dev/mapper/devrmc0p1 /rmc_shares/rmc0p1
***
[root@dts1 ~]# ls -al /rmc_shares/rmc0p1
total 24
drwxr-xr-x. 3 root root  4096 Jan  5 18:08 .
drwxr-xr-x. 6 root root  4096 Jan  7  2012 ..
drwx------. 2 root root 16384 Jan  5 18:08 lost+found
***
[root@dts1 ~]# lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda              8:0    0   7.6G  0 disk
+-sda1           8:1    0   200M  0 part  /boot
+-sda2           8:2    0   3.4G  0 part  /
+-sda3           8:3    0   200M  0 part  /home
sdb              8:16   1  58.4G  0 disk
+-sdb1           8:17   1  58.4G  0 part
sdc              8:32   0 465.8G  0 disk
+-devrmc0      253:0    0 465.8G  0 crypt
  +-devrmc0p1  253:1    0   7.5G  0 part  /rmc_shares/rmc0p1
***
[root@dts1 ~]# parted /dev/mapper/devrmc0 print
Model: Linux device-mapper (crypt) (dm)
Disk /dev/mapper/devrmc0: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name           Flags
 1      8000MB  16.0GB  8001MB  ext4         iSCSI0:rmc0p1

***
[root@dts1 ~]#
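
Added example, not part of the original post or its attachment: the `cryptsetup status` output above reports the mapping's data offset as 4096 sectors, so sector 0 of /dev/mapper/devrmc0 is sector 4096 (2 MiB) of the backing disk, past the LUKS1 header and key-slot area. The sketch below parses that output and translates a partition start on the mapped device into its position on the disk; the function names are hypothetical and the sample text is copied from the session.

```shell
#!/usr/bin/env bash
# Added example. STATUS_SAMPLE is copied from the `cryptsetup status devrmc0`
# output in the session above; the function names are made up for this sketch.
STATUS_SAMPLE='  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/sdc
  offset:  4096 sectors
  size:    976769072 sectors
  mode:    read/write'

SECTOR_BYTES=512   # cryptsetup reports offset and size in 512-byte sectors

# Print the numeric value of a "<field>: N sectors" line from status text.
status_field() {   # $1 = status text, $2 = field name
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2; exit }'
}

# Translate a sector on the mapped device into a sector on the backing disk.
# Fails if the sector lies outside the mapped device.
disk_sector() {    # $1 = status text, $2 = sector on /dev/mapper/<name>
    ds_off=$(status_field "$1" offset)
    ds_size=$(status_field "$1" size)
    if [ -z "$ds_off" ] || [ -z "$ds_size" ]; then
        echo "could not parse offset/size" >&2; return 2
    fi
    if [ "$2" -lt 0 ] || [ "$2" -ge "$ds_size" ]; then
        echo "sector $2 is outside the mapped device" >&2; return 1
    fi
    echo $(( $2 + ds_off ))
}

# Succeed if a partition start (sector on the mapped device) is also
# 1 MiB aligned on the backing disk.
is_mib_aligned() { # $1 = status text, $2 = sector on the mapped device
    ma_phys=$(disk_sector "$1" "$2") || return 2
    [ $(( ma_phys * SECTOR_BYTES % 1048576 )) -eq 0 ]
}

# A partition starting at 1 MiB (sector 2048) on the mapped device:
start=2048
phys=$(disk_sector "$STATUS_SAMPLE" "$start")
echo "mapper sector $start -> disk sector $phys ($(( phys * SECTOR_BYTES / 1048576 )) MiB)"
is_mib_aligned "$STATUS_SAMPLE" "$start" && echo "1 MiB aligned on the backing disk"
```
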
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt