From: "ingo.schmitt@binarysignals.net" <ingo.schmitt@binarysignals.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.
Date: Mon, 31 Oct 2011 04:30:11 +0100
Message-ID: <4EAE1643.9030501@binarysignals.net>
In-Reply-To: <CAP8O3oNnSWO2q5-97XkcpxE-FK7nyyTF1YSSWCf+F+crpr2pEw@mail.gmail.com>

Another idea: Cryptsetup should offer to back up the header
on the same drive when changes to an existing header are requested.
I assume that the header's size isn't an issue.

Thx,
Ingo

On 10/31/2011 01:30 AM, Aleksander Swirski wrote:
> I'm pretty sure this warning is only displayed when someone decides to
> create new crypto on some partition or fill encrypted device with random
> data in the next step after setting the password. But just setting the
> password on an existing device makes data unusable without warning. When
> the partitioning is finished there is a list of partitions that will be
> wiped out, and also, during my installation the crypto-device and /home
> inside LVM were not listed there, but already lost a few clicks earlier.
>
> I understand that it wasn't taken into consideration that someone can
> attach an existing encrypted device, but only that a new one will be
> created. This is inconsistent with how it goes with unencrypted
> partitions, where you can reattach them without formatting and keep your
> data. So I guess with an encrypted partition this should also work that
> way. Or maybe I miss the point? I will try to make the whole scenario
> clear, and then send my proposition to debian-boot@lists.debian.org
>
> On 30 October 2011 23:25, Jonas Meurer <jonas@freesources.org> wrote:
>
> Hi Aleksander,
>
> On 30.10.2011 19:56, Aleksander Swirski wrote:
> > I will also try to push this info to the debian devs. I'm not sure
> > how to do that properly (hint appreciated). I know, that the route
> > of installation I took is not a common one, but a simple warning
> > would suffice to avoid this kind of trouble. After all my encrypted
> > LVM and specifically the /home partition within LVM wasn't listed
> > among those, which are to be erased at any point during the
> > installation. (I marked them with - K - keep the data)
>
> I guess that you selected to configure the device which contained the
> LVM volume group as new encrypted device. Then you were asked for the
> new passphrase twice, and a new LUKS header was written to the device,
> overwriting the old LUKS header. That way you shredded all the
> encrypted data on that device, regardless of what it was.
>
> The partitions you marked as "keep the data" weren't overwritten, just
> the LUKS header of the underlying device was overwritten.
>
> I agree, that a warning in the Debian Installer is a good idea, but to
> be honest, there's already a big fat warning:
>
> > _Description: Really erase the data on ${DEVICE}? The data on
> > ${DEVICE} will be overwritten with random data. It can no longer be
> > recovered after this step has completed. This is the last
> > opportunity to abort the erase.
>
> (from
> http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates)
>
> If you'd like to propose changes to the (warnings in the) process of
> configuring encrypted volumes during installation of Debian, feel free
> to discuss this on debian-boot@lists.debian.org. You might as well
> take a look at the following page:
> http://wiki.debian.org/DebianInstaller/PartmanCrypto
>
> Greetings,
> jonas
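
The safeguard proposed at the top of this message, sketched as an added example (not code from cryptsetup or the Debian installer): before a new header is written, probe for an existing LUKS1 header, refuse to overwrite it without confirmation, and save everything up to the payload offset first. The function names, the file-based image and the filler bytes are constructed for illustration, and the backup goes to a separate file rather than the same drive; on a real system `cryptsetup luksHeaderBackup` saves this region.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512
# Start of the LUKS1 on-disk header (big-endian): magic[6], version u16,
# cipher-name[32], cipher-mode[32], hash-spec[32], payload-offset u32 (sectors)
PHDR_PREFIX = struct.Struct(">6sH32s32s32sI")

def probe_luks1(image_path):
    """Return (version, payload_offset_sectors) if a LUKS1 header exists, else None."""
    with open(image_path, "rb") as f:
        raw = f.read(PHDR_PREFIX.size)
    if len(raw) < PHDR_PREFIX.size:
        return None
    magic, version, _, _, _, payload_offset = PHDR_PREFIX.unpack(raw)
    if magic != LUKS_MAGIC or version != 1:
        return None
    return version, payload_offset

def backup_header(image_path, backup_path):
    """Copy header plus keyslot area (all sectors before the payload) to backup_path."""
    info = probe_luks1(image_path)
    if info is None:
        return 0
    with open(image_path, "rb") as src, open(backup_path, "wb") as dst:
        data = src.read(info[1] * SECTOR)
        dst.write(data)
    return len(data)

def write_new_header(image_path, new_header, backup_path, confirmed=False):
    """Hypothetical stand-in for an installer's 'set up as new encrypted device' step."""
    if probe_luks1(image_path) is not None:
        if not confirmed:
            raise PermissionError("existing LUKS header found; overwriting it "
                                  "makes the encrypted data unrecoverable")
        backup_header(image_path, backup_path)  # keep the old keyslots recoverable
    with open(image_path, "r+b") as f:
        f.write(new_header)

def make_constructed_image(path, payload_offset=8, payload=b"ciphertext"):
    """Build a constructed test image: LUKS1-style prefix, filler keyslots, payload."""
    hdr = PHDR_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                           payload_offset)
    hdr = hdr.ljust(payload_offset * SECTOR, b"\xaa")  # filler, not real key material
    with open(path, "wb") as f:
        f.write(hdr + payload)
    return hdr
```
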