On 01/14/2018 07:36 PM, Geo Kozey wrote: > Thanks for the answers! > >> ---------------------------------------- >> From: Milan Broz <gmazyland@xxxxxxxxx> >> >> IOW: unlocking (luksOpen) will always map the device, only the later access to device >> could fail with integrity error (that is propagated to userspace as IO error). >> >> You can overwrite such a failed sectors using direct-io write to fix auth tags then. >> > > Can you give me example tools/commands which I can use to fix this? Basically dd with proper parameters (skip, seek) and oflag=direct should work. (The direct-io is needed to avoid page-cache reads. If the IO is aligned to page, it should probably work with normal write but direct-io works always, just it must be aligned to undrelying device sector sizes.) I have also trivial tool that tries to read device per sectors and if it detects IO error it tries wipe to "fix" it. (This was used for development.) Wiping code is already integrated to cryptsetup, the selective sector repair will probably need to be added to LUKS repair command later. (Source is here https://github.com/mbroz/dm_int_tools ) And if you are using dm-integrity device with integritysetup tool (no encryption, just integrity checksums), you can actually use --integrity-recovery-mode option that will ignore checksums and allows you access data directly. (But this is not possible with LUKS2 and authenticated encryption.) m. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
