I created an encrypted volume with the following command: cryptsetup luksFormat /dev/sdb1 \ --type luks2 \ --cipher aes-xts-plain64 \ --key-size 512 \ --hash sha512 \ --pbkdf argon2i \ --pbkdf-force-iterations 2 \ --pbkdf-memory 1048576 \ --pbkdf-parallel 1 \ --label some_label \ --subsystem "" \ --use-random \ --verify-passphrase \ --verbose \ --header /boot/luks/head.img So the header was created on the /boot/ partition instead of the sdb1 partition. The /boot/ partition is placed on a micro sd card, but unfortunately my laptop isn't able to boot from the sd card, and now I have to "reattach" the header to the encrypted partition. The question is how to do it properly, of course if it's doable at all? Will the "luksHeaderRestore" command be useful in this case, or do I have to do some magic to attach the header to the encrypted container? I checked what will happen when I issue the "luksHeaderRestore" command giving it the header file, but it gives me the following warning, and I don't know whether I should say "YES" to that question. WARNING! ======== Device /dev/sdb1 does not contain LUKS2 header. Replacing header can destroy data on that device. Are you sure? (Type uppercase yes): _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
