From: Milan Broz
Date: Tue, 17 Jan 2012 09:50:56 +0100
Subject: Re: [dm-crypt] cryptsetup luksClose
To: Marc Schwarzschild
Cc: dm-crypt@saout.de
Message-ID: <4F153670.90706@redhat.com>
In-Reply-To: <20244.14509.740805.435411@ny.koplon.com>

On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
> I am setting up an external USB encrypted drive. I can mount it
> manually after I boot the computer. I understand that I must
> issue the 'cryptsetup luksClose' after I umount the disk. How do
> I arrange for this as part of the Debian halt process so it
> happens automatically when the server is shut down?

It is not cryptsetup's job; it should be part of initscripts/systemd
to correctly unmap active devices on shutdown.

(Usually it tries to unmap all crypto disks except the device with the
root fs, which is just remounted read-only. Recent systemd is able to
unmount even the root device properly.)

For hot-plugged disks it is usually handled by some GUI service,
usually based on udisks.

> What happens
> if there is a power failure and 'cryptsetup luksClose' was not
> executed?

For LUKS, no need to worry after power failure - luksClose just
removes the kernel mapping (kernel state); it doesn't touch on-disk
metadata at all.

(Of course there can be some filesystem damage after power failure,
but that's not LUKS related; it can happen even for an unencrypted fs.)

Milan
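
The shutdown ordering described in the reply above, as an added example that is not part of the original message or of any Debian or systemd script: a dry-run planner that unmounts each crypto mapping before closing it and only remounts the root mapping read-only. The function name `plan_teardown`, the mapping names and the sample data are constructed for illustration; the inputs are assumed to be text in the format of `dmsetup ls --target crypt` and `/proc/mounts`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not cryptsetup or initscripts code).
# Prints the commands a shutdown script would run, in order; executes nothing.

# Constructed sample input: whitespace-separated "name (major:minor)" lines,
# as printed by `dmsetup ls --target crypt`.
SAMPLE_DM='usbbackup (254:1)
sda2_crypt (254:0)'

# Constructed sample input in /proc/mounts format.
SAMPLE_MOUNTS='/dev/mapper/sda2_crypt / ext4 rw,relatime 0 0
/dev/mapper/usbbackup /mnt/usb ext4 rw,relatime 0 0
proc /proc proc rw 0 0'

# plan_teardown DM_LS_OUTPUT MOUNTS_TEXT
plan_teardown() {
    dm_ls=$1
    mounts=$2
    printf '%s\n' "$dm_ls" | while read -r name rest; do
        # Skip blank lines and dmsetup's message for an empty table.
        [ -n "$name" ] || continue
        case "$name $rest" in "No devices found") continue ;; esac

        # First mount point of this mapping, if it is mounted at all.
        mp=$(printf '%s\n' "$mounts" |
            awk -v d="/dev/mapper/$name" '$1 == d { print $2; exit }')

        if [ "$mp" = "/" ]; then
            # The root fs cannot be unmapped while in use: remount read-only.
            echo "mount -o remount,ro /"
            continue
        fi

        # The filesystem must be unmounted before the mapping can be removed.
        [ -n "$mp" ] && echo "umount $mp"
        # luksClose removes only the kernel mapping; on-disk data is untouched.
        echo "cryptsetup luksClose $name"
    done
}

# Show the plan for the constructed sample data.
plan_teardown "$SAMPLE_DM" "$SAMPLE_MOUNTS"
```

This simplified planner looks only at the first mount point of each mapping and does not handle stacked devices (for example LVM on top of LUKS).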