On 2018-02-15 16:38, Ondrej Kozina wrote: > Hi, > > On 02/15/2018 03:56 PM, Mikhail Morfikov wrote: >> >> So the header was created on the /boot/ partition instead of the sdb1 partition. >> The /boot/ partition is placed on a micro sd card, but unfortunately my laptop >> isn't able to boot from the sd card, and now I have to "reattach" the header to >> the encrypted partition. > If there's real data on /dev/sdb1 it won't be easy. The LUKS header is supposed > to be placed in the head part of your device. The restore process would > overwrite your ciphertext data (usually filesystem superblock plus some data). > In fact, that's what the message was trying to warn you about. > >> >> The question is how to do it properly, of course if it's doable at all? Will the >> "luksHeaderRestore" command be useful in this case, or do I have to do some >> magic to attach the header to the encrypted container? > > You would have to shift the filesystem/data and make a free space in the head > area of /dev/sdb1 for the LUKS header. It's possible but in my opinion it's not > worth the risk. So, If you have a spare drive I'd perhaps copy all data to a new > drive and later luksFormat the /dev/sdb1 again with luks header placed in the > head of /dev/sdb1. But sure it depends what's the size of your data and so on. > >> >> I checked what will happen when I issue the "luksHeaderRestore" command giving >> it the header file, but it gives me the following warning, and I don't know >> whether I should say "YES" to that question. >> >> WARNING! >> ======== >> Device /dev/sdb1 does not contain LUKS2 header. Replacing header can destroy >> data on that device. > > The warning is correct. Don't answer yes if you have real data on /dev/sdb1. > > Regards > Ondrej Thanks for the answer. I see what I can do about it. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
