On Thu, 13 Sep 2018 at 00:47:00 +0000, procmem wrote: > Guilhem Moulin: >> On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: >>> cryptsetup convert /dev/vda5 --type luks2 --debug >>> […] >>> Cannot convert device /dev/vda5 which is still in use. >>> […] >>> Command failed with code -5 (device already exists or device is busy). >> >> As the error message indicates, you need to remove (ie, close) the >> mapped device first. If that device is required for your system to run >> (for instance if it's holding the root file system) you won't be able to >> run `cryptsetup luksClose $name` from the main system; however you >> should be able to perform `cryptsetup convert` from a live CD, or from >> the initramfs image. > > initramfs sounds like the most versatile option. Any pointers on how to > to this? Searching SE turns up irrelevant results. Before rebooting you might want to make sure the ‘algif_skcipher’ kernel module is included in the initramfs image, otherwise you might not be able to open LUKS2 volumes. (See https://bugs.debian.org/896968 for details.) To do so, run the following two commands: echo algif_skcipher | sudo tee -a /etc/initramfs-tools/modules sudo update-initramfs -u Now assuming your bootloader is GRUB, reboot, press <E> to obtain an emacs-like screen, append “ break=premount” to the line starting with “initrd”, and press <Ctrl>+<X> to boot. (The edit is transient and won't survive the next reboot.) You should land into an initramfs debug shell; see initramfs-tools(7) for details. That has probably become off-topic for the dm-crypt list, by the way (discussing how to reboot into an initramfs shell has nothing to do with dm-crypt, LUKS, or cryptsetup(8) per se); the user support channels of your distro might be a better venue for this. -- Guilhem.
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
