On 08/02/2018 11:28 AM, Michael Kjörling wrote:
On 2 Aug 2018 11:20 +0200, from okozina@xxxxxxxxxx (Ondrej Kozina):
Ok, I know what's wrong. The convert action works as expected and
there's nothing wrong with data offset. The issue is
cryptsetup-reencrypt utility currently can't handle setup where
existing LUKS2 header, on a device you're about to reencrypt is
different size from default LUKS2 header size which is 4MiBs
currently. The converted header is as you wrote 2MiBs.
Sounds to me like that should be easy enough to add an early check and
specific error message for. Even if the error is just something like
"this container cannot be converted to LUKS2 because of header size
mismatch, no changes made", it's far better than erroring out with a
scary error message. cryptsetup-reencrypt is scary enough as it is.
In my reproducer, the data were not damaged and I think neither were in
Ingo's case (but can't speak for him). In fact, cryptsetup library
behaved correctly and identified the mismatch. It's exactly just missing
error message in cryptsetup-reencrypt as you pointed out. The
reencryption stopped while creating header backups so no harm done (in
my case). But let me think about it for some time yet.
O.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
