Re: can't open LUKS drive after upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I haven't had much success getting help from ubuntu forums, but I'll keep trying.    Any help here is greatly appreciated.

No errors in syslog or kern.log
Using the proper syntax (this time), I can open it:
cryptsetup --debug luksOpen /dev/sdb dm-2
[command successful, no warnings or errors in output]

If I try to mount it:
Error mounting /dev/dm-2 at /media/brad/Maxtor1: can't read superblock on /dev/mapper/dm-2.

cryptsetup --debug luksAddKey /dev/dm-2 /root/keyfile

# cryptsetup 2.0.2 processing "cryptsetup --debug luksAddKey /dev/dm-2 /root/keyfile"
# Running command luksAddKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/dm-2.
# Trying to open and read device /dev/dm-2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/dm-2.
# Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library version 2.0.2.
# Detected kernel Linux 4.15.0-23-generic x86_64.
# Loading LUKS2 header.
# Opening lock resource file /run/cryptsetup/L_253:2
# Acquiring read lock for device /dev/dm-2.
# Verifying read lock handle for device /dev/dm-2.
# Device /dev/dm-2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 8192.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 16384.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 32768.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 65536.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 131072.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 262144.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 524288.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 1048576.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 2097152.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 4194304.
# Opening locked device /dev/dm-2
# Veryfing locked device handle (bdev)
# LUKS2 header read failed (-22).
# Device /dev/dm-2 READ lock released.
# Releasing crypt device /dev/dm-2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).

dt1:lsblk
NAME                                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                           8:0    0 232.9G  0 disk
├─sda1                                        8:1    0  39.2M  0 part
├─sda2                                        8:2    0  14.2G  0 part
├─sda3                                        8:3    0  37.5G  0 part
├─sda4                                        8:4    0     1K  0 part
├─sda5                                        8:5    0   9.8G  0 part
├─sda6                                        8:6    0 132.6G  0 part  /home
├─sda7                                        8:7    0   500M  0 part
├─sda8                                        8:8    0  15.5G  0 part
│ ├─fedora-root                             253:0    0  13.5G  0 lvm
│ └─fedora-swap                             253:1    0     2G  0 lvm
└─sda9                                        8:9    0  22.8G  0 part  /
sdb                                           8:16   0  93.4G  0 disk
└─luks-3bddbc2d-6432-46df-9851-c86e15478ded 253:2    0  93.4G  0 crypt
sr0                                          11:0    1  1024M  0 rom

dt1: dmsetup table
fedora-swap: 0 4227072 linear 8:8 28305408
fedora-root: 0 28303360 linear 8:8 2048
luks-3bddbc2d-6432-46df-9851-c86e15478ded: 0 195808976 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:16 4096



On 07/20/2018 02:05 AM, Milan Broz wrote:
On 19/07/18 20:54, brad wrote:
I have an external hard drive that I have been using for encrypted backups.   It's been working find with xubuntu 16.xx LTS.   Now I've updated to 18.04 and can't mount the drive.

cryptsetup 2.0.2

My notes from last time say to do this:

dd if=/dev/urandom of=/root/keyfile bs=1024 count=4
chmod 0400 /root/keyfile
cryptsetup luksAddKey /dev/sdb /root/keyfile

Which returns:

IO error while encrypting keyslot

If I try to mount from the file manager (thunar) I get this:

Error mounting /dev/dm-2 at /media/brad/Maxtor1: can't read superblock on /dev/mapper/luks-3bddbc2d-6432-46df-9851-c86e15478ded.

More:

cryptsetup luksOpen /dev/sdb Maxtor
Cannot use device /dev/sdb which is in use (already mapped or mounted)

cryptsetup luksClose /dev/sdb
Device sdb not found
You need to use mapped device name, not underlying device.

The IO error above looks like either some hw is broken or there is a stale device that
need to be removed. (Any error in kernel syslog?)

Could you post lsblk and "dmsetup table" output?

Thanks for posting debug log, but please do not edit it.
It should not contain any passphrase sensitive information.

But anyway, Ubuntu has very strange approach to backport some patches
instead of using released upstream packages, so it is better to ask distro
specific channels.

Milan


cryptsetup --debug luksAddKey /dev/sdb /root/keyfile
# cryptsetup 2.0.2 processing "cryptsetup --debug luksAddKey /dev/sdb /root/keyfile"
# Running command luksAddKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb.
# Trying to open and read device /dev/sdb with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sdb.
# Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library version 2.0.2.
# Detected kernel Linux 4.15.0-23-generic x86_64.
# PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0.
# Reading LUKS header of size 1024 from device /dev/sdb
# Key length 32, device size 195813072 sectors, header size 2050 sectors.
# PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0.
# Interactive passphrase entry requested.
Enter any existing passphrase:
# Checking volume passphrase [ke***** -1] using passphrase.
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access ke***** area.
Key slot 0 unlocked.
# File descriptor passphrase entry requested.
# Adding new ke*****, existing passphrase provided,new passphrase provided.
# Selected ke***** 2.
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access ke***** area.
Key slot 0 unlocked.
# Calculating data for key slot 2
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 1310720, threads = 0 (took 25 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1275639, threads = 0 (took 411 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1272543, threads = 0 (took 824 ms)
# Benchmark returns pbkdf2(sha256) 1272543 iterations, 0 memory, 0 threads (for 256-bits key).
# Key slot 2 use 2545086 password iterations.
# Using hash sha1 for AF in key slot 2, 4000 stripes
# Updating key slot 2 [0x41000] area.
# Using userspace crypto wrapper to access ke***** area.
IO error while encrypting ke*****.
# Releasing crypt device /dev/sdb context.
# Releasing device-mapper backend.
# Unlocking memory.
Comsudo cryptsetup --debug luksAddKey /dev/sdb /root/keyfile
# cryptsetup 2.0.2 processing "cryptsetup --debug luksAddKey /dev/sdb /root/keyfile"
# Running command luksAddKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb.
# Trying to open and read device /dev/sdb with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sdb.
# Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library version 2.0.2.
# Detected kernel Linux 4.15.0-23-generic x86_64.
# PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0.
# Reading LUKS header of size 1024 from device /dev/sdb
# Key length 32, device size 195813072 sectors, header size 2050 sectors.
# PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0.
# Interactive passphrase entry requested.
Enter any existing passphrase:
# Checking volume passphrase [ke***** -1] using passphrase.
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access ke***** area.
Key slot 0 unlocked.
# File descriptor passphrase entry requested.
# Adding new ke*****, existing passphrase provided,new passphrase provided.
# Selected ke***** 2.
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access ke***** area.
Key slot 0 unlocked.
# Calculating data for key slot 2
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 1310720, threads = 0 (took 25 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1275639, threads = 0 (took 411 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1272543, threads = 0 (took 824 ms)
# Benchmark returns pbkdf2(sha256) 1272543 iterations, 0 memory, 0 threads (for 256-bits key).
# Key slot 2 use 2545086 password iterations.
# Using hash sha1 for AF in key slot 2, 4000 stripes
# Updating key slot 2 [0x41000] area.
# Using userspace crypto wrapper to access ke***** area.
IO error while encrypting ke*****.
# Releasing crypt device /dev/sdb context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
mand failed with code -1 (wrong or missing parameters).




_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux