From: Milan Broz <mbroz@redhat.com>
To: Marc Schwarzschild <ms@TheBrookhavenGroup.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup luksClose
Date: Wed, 18 Jan 2012 09:10:06 +0100
Message-ID: <4F167E5E.1020408@redhat.com>
In-Reply-To: <20245.59556.275927.341444@ny.koplon.com>

On 01/17/2012 10:31 PM, Marc Schwarzschild wrote:
>
> Thank you. I gather from this that I can safely halt or reboot
> while a disk is mounted, right?

From the LUKS metadata point of view, yes (there will still be an
encryption key in memory, but that's a different problem).

From the filesystem POV above LUKS - it depends. If it is remounted
read-only, there should be no data loss on [un]expected reboot.
(If you reboot while some write IOs are in-flight, of course you get
some corruption.)

Anyway, distro initscripts should handle this during controlled
shutdown for all mounted devices.

Milan

>
> --- January 17, 2012 Milan Broz sent: ---
>
> On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
> > I am setting up an external USB encrypted drive. I can mount it
> > manually after I boot the computer. I understand that I must
> > issue the 'cryptsetup luksClose' after I umount the disk. How do
> > I arrange for this as part of the Debian halt process so it
> > happens automatically when the server is shutdown?
>
> It is not cryptsetup's job; it should be part of initscripts/systemd
> to correctly unmap active devices on shutdown.
> (Usually it tries to unmap all crypto disks except the device
> with the root fs, which is just remounted read-only. Recent systemd is able
> to unmount even the root device properly.)
>
> For hot-plugged disks it is usually handled by some GUI service,
> usually based on udisks.
>
> > What happens
> > if there is a power failure and 'cryptsetup luksClose' was not
> > executed?
>
> For LUKS, no need to worry after power failure - luksClose
> just removes the kernel mapping (kernel state); it doesn't touch
> on-disk metadata at all.
> (Of course there can be some filesystem damage after power failure,
> but that's not LUKS related, it can happen even for unencrypted fs.)
>
> Milan
>
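
The shutdown behaviour described in this thread (unmap every crypto device except the one holding the root filesystem, which is only remounted read-only), as an added dry-run example that is not part of the thread or of any distribution's initscripts. The function name `plan_crypt_teardown`, the mapping names and the sample mount table are constructed for illustration, and it assumes each filesystem sits directly on `/dev/mapper/NAME`.

```shell
#!/bin/sh
# Added example: dry-run planner, prints commands and executes nothing.
# Assumption: each filesystem sits directly on /dev/mapper/NAME.

# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS='/dev/mapper/root_crypt / ext4 rw,relatime 0 0
proc /proc proc rw 0 0
/dev/mapper/usb_crypt /mnt/backup ext4 rw,relatime 0 0
/dev/sdb1 /boot ext2 rw 0 0'

# plan_crypt_teardown MOUNTS NAMES
#   MOUNTS: text in /proc/mounts format
#   NAMES:  space-separated names of active dm-crypt mappings (on a live
#           system, e.g. the first column of `dmsetup ls --target crypt`)
plan_crypt_teardown() {
    printf '%s\n' "$1" | awk -v names="$2" '
        BEGIN {
            n = split(names, a, " ")
            for (i = 1; i <= n; i++) crypt[a[i]] = 1
        }
        {
            name = $1
            if (sub("^/dev/mapper/", "", name) && (name in crypt)) {
                mounted[name] = 1
                if ($2 == "/") root = name        # keep mapped, remount ro
                else { mp[++m] = $2; dev[m] = name }
            }
        }
        END {
            # Later entries were mounted later, so undo them in reverse.
            for (i = m; i >= 1; i--) print "umount " mp[i]
            for (i = m; i >= 1; i--)
                if (dev[i] != root && !(dev[i] in closed)) {
                    closed[dev[i]] = 1
                    print "cryptsetup luksClose " dev[i]
                }
            # Mappings that are open but not mounted anywhere.
            for (i = 1; i <= n; i++)
                if (!(a[i] in mounted)) print "cryptsetup luksClose " a[i]
            if (root != "") print "mount -o remount,ro /"
        }'
}

plan_crypt_teardown "$SAMPLE_MOUNTS" "root_crypt usb_crypt spare_crypt"
```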