Re: cryptsetup-reencrypt fails after converting a LUKS1 volume to LUKS2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/02/2018 11:28 AM, Michael Kjörling wrote:
On 2 Aug 2018 11:20 +0200, from okozina@xxxxxxxxxx (Ondrej Kozina):
Ok, I know what's wrong. The convert action works as expected and
there's nothing wrong with data offset. The issue is
cryptsetup-reencrypt utility currently can't handle setup where
existing LUKS2 header, on a device you're about to reencrypt is
different size from default LUKS2 header size which is 4MiBs
currently. The converted header is as you wrote 2MiBs.

Sounds to me like that should be easy enough to add an early check and
specific error message for. Even if the error is just something like
"this container cannot be converted to LUKS2 because of header size
mismatch, no changes made", it's far better than erroring out with a
scary error message. cryptsetup-reencrypt is scary enough as it is.


In my reproducer, the data were not damaged and I think neither were in Ingo's case (but can't speak for him). In fact, cryptsetup library behaved correctly and identified the mismatch. It's exactly just missing error message in cryptsetup-reencrypt as you pointed out. The reencryption stopped while creating header backups so no harm done (in my case). But let me think about it for some time yet.

O.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux