Hi,
On 02/15/2018 03:56 PM, Mikhail Morfikov wrote:
So the header was created on the /boot/ partition instead of the sdb1 partition.
The /boot/ partition is placed on a micro sd card, but unfortunately my laptop
isn't able to boot from the sd card, and now I have to "reattach" the header to
the encrypted partition.
If there's real data on /dev/sdb1 it won't be easy. The LUKS header is
supposed to be placed in the head part of your device. The restore
process would overwrite your ciphertext data (usually filesystem
superblock plus some data). In fact, that's what the message was trying
to warn you about.
The question is how to do it properly, of course if it's doable at all? Will the
"luksHeaderRestore" command be useful in this case, or do I have to do some
magic to attach the header to the encrypted container?
You would have to shift the filesystem/data and make a free space in the
head area of /dev/sdb1 for the LUKS header. It's possible but in my
opinion it's not worth the risk. So, If you have a spare drive I'd
perhaps copy all data to a new drive and later luksFormat the /dev/sdb1
again with luks header placed in the head of /dev/sdb1. But sure it
depends what's the size of your data and so on.
I checked what will happen when I issue the "luksHeaderRestore" command giving
it the header file, but it gives me the following warning, and I don't know
whether I should say "YES" to that question.
WARNING!
========
Device /dev/sdb1 does not contain LUKS2 header. Replacing header can destroy
data on that device.
The warning is correct. Don't answer yes if you have real data on /dev/sdb1.
Regards
Ondrej
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
