Message-ID: <51C84FC4.3040104@web.de>
Date: Mon, 24 Jun 2013 15:55:16 +0200
From: Jan Janssen
To: Milan Broz
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Truecrypt system partition support
In-Reply-To: <51C7DDBC.9080107@gmail.com>
References: <51C2D38C.5030203@web.de> <51C332C2.1000900@gmail.com>
 <1468118.MD1b3jT5q3@brinja> <51C71539.7020203@gmail.com>
 <51C76342.6070401@web.de> <51C7DDBC.9080107@gmail.com>

On 06/24/2013 07:48 AM, Milan Broz wrote:
> Hm, seems like completely different problem.
> I cannot check what's going on without more information here, ideally
> - cryptsetup output with --debug switch
> - tcryptDump (mainly offsets and data sizes stored there)
> - exact sizes of partitions (fdisk -l -u, blockdev --getsz /dev/sda* or so)
>
> (but please note it will provide some info which is hidden, do not send it
> if it is problem :-)

Hi,

here's the info. The open log is attached.

TCRYPT header information for /dev/sda
Version:        5
Driver req.:    7
Sector size:    512
MK offset:      106928640
PBKDF2 hash:    ripemd160
Cipher chain:   aes
Cipher mode:    xts-plain64
MK bits:        512

# for i in /dev/sda*; do echo -n "$i: "; sudo blockdev --getsz $i; done
/dev/sda: 120103200
/dev/sda1: 208782
/dev/sda2: 62701695
/dev/sda3: 57192660

# fdisk -l -u

Disk /dev/sda: 61.5 GB, 61492838400 bytes, 120103200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000bfd29

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      208844      104391   83  Linux
/dev/sda2   *      208845    62910539    31350847+   7  HPFS/NTFS/exFAT
/dev/sda3        62910540   120103199    28596330   83  Linux

> Ideally I would like to reproduce it, for my encrypted VM on partition
> it works.
> How did you create this config? Any manipulations with partitions after
> system reencryption?

I did nothing peculiar to the system. Created the layout with gparted.
I did install grub2, but it also didn't work with the truecrypt bootloader.

>>
>> Also, something's off about the --key-file option with tcrypt. I can't
>> get it to accept my password from the file. But if I pipe it with cat
>> to stdin it works. Maybe it's supposed to be this way, but then I think
>> it needs extra mention in the manpage. And maybe there should be a way
>> to provide a --passphrase-file option or something along those lines
>> if the current handling is different to how it's handled for luks.
>
> So you are not using Truecrypt keyfile but just passphrase in file,
> so pipe is the correct way. I thought it is explained in man page
> but if not, it needs some care. If you have some idea how to describe
> it better, just send me a patch.
> (And adding more options will cause even more chaos here :)

After re-reading it's a little clearer now. I still miss a way to supply
the passphrase in a file without resorting to piping it to stdin.
It's not an issue for luks since it allows passphrases and keyfiles
together, but truecrypt doesn't allow keyfiles in system mode.

Jan

Attachment: tcrypt-open.log

# cryptsetup 1.6.2-git processing "cryptsetup --debug --tcrypt-system tcryptOpen /dev/sda windows"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda context.
# Trying to open and read device /dev/sda.
# Initialising device-mapper backend library.
# STDIN descriptor passphrase entry requested.
# Trying to load TCRYPT crypt type from device /dev/sda.
# Crypto backend (gcrypt 1.5.2) initialized.
# Reading TCRYPT header of size 512 bytes from device /dev/sda.
# TCRYPT: trying KDF: pbkdf2-ripemd160-2000.
# TCRYPT: trying cipher aes-xts-plain64
# TCRYPT: trying cipher serpent-xts-plain64
# TCRYPT: trying cipher twofish-xts-plain64
# TCRYPT: trying cipher twofish-aes-xts-plain64
# TCRYPT: trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT: trying cipher aes-serpent-xts-plain64
# TCRYPT: trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT: trying cipher serpent-twofish-xts-plain64
# TCRYPT: trying cipher aes-lrw-benbi
# TCRYPT: trying cipher serpent-lrw-benbi
# TCRYPT: trying cipher twofish-lrw-benbi
# TCRYPT: trying cipher twofish-aes-lrw-benbi
# TCRYPT: trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT: trying cipher aes-serpent-lrw-benbi
# TCRYPT: trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT: trying cipher serpent-twofish-lrw-benbi
# TCRYPT: trying cipher aes-cbc-tcrypt
# TCRYPT: trying cipher serpent-cbc-tcrypt
# TCRYPT: trying cipher twofish-cbc-tcrypt
# TCRYPT: trying cipher twofish-aes-cbci-tcrypt
# TCRYPT: trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT: trying cipher aes-serpent-cbci-tcrypt
# TCRYPT: trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT: trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT: trying cipher cast5-cbc-tcrypt
# TCRYPT: trying cipher des3_ede-cbc-tcrypt
# TCRYPT: trying cipher blowfish_le-cbc-tcrypt
# TCRYPT: trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-ripemd160-1000.
# TCRYPT: trying cipher aes-xts-plain64
# TCRYPT: Signature magic detected.
# TCRYPT: Header version: 5, req. 7, sector 512, mk_offset 106928640, hidden_size 0, volume size 32103267840
# TCRYPT: Header cipher aes-xts-plain64, key size 64
# Activating volume windows by volume key.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.12.1, dm-ioctl version 4.24.0.
# Device-mapper backend running with UDEV support enabled.
# dm status windows OF [16384] (*1)
# Calculated device size is 62701695 sectors (RW), offset 208845.
# Trying to activate TCRYPT device windows using cipher aes-xts-plain64.
# DM-UUID is CRYPT-TCRYPT-windows
# Udev cookie 0xd4df074 (semid 294912) created
# Udev cookie 0xd4df074 (semid 294912) incremented to 1
# Udev cookie 0xd4df074 (semid 294912) incremented to 2
# Udev cookie 0xd4df074 (semid 294912) assigned to CREATE task(0) with flags (0x0)
# dm create windows CRYPT-TCRYPT-windows OF [16384] (*1)
# dm reload windows OFW [16384] (*1)
device-mapper: reload ioctl on failed: Invalid argument
# Udev cookie 0xd4df074 (semid 294912) decremented to 1
# Udev cookie 0xd4df074 (semid 294912) incremented to 2
# Udev cookie 0xd4df074 (semid 294912) assigned to REMOVE task(2) with flags (0x0)
# dm remove windows OFW [16384] (*1)
# windows: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4df074 (semid 294912) decremented to 1
# Udev cookie 0xd4df074 (semid 294912) waiting for zero
# Udev cookie 0xd4df074 (semid 294912) destroyed
# windows: Processing NODE_DEL [verify_udev]
# Releasing crypt device /dev/sda context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
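
Added example, not part of the original message and not cryptsetup code: a cross-check of the offsets and sizes requested in the thread, comparing the TCRYPT header values from the debug log with the partition table and disk size posted above. The function names (parse_log, check_geometry) are hypothetical, and the sample input is constructed from the values in this message.

```python
import re

SECTOR = 512  # "Sector size: 512" in the tcryptDump output

# Constructed sample: the two relevant lines of the debug log posted above.
DEBUG_LOG = """\
# TCRYPT: Header version: 5, req. 7, sector 512, mk_offset 106928640, hidden_size 0, volume size 32103267840
# Calculated device size is 62701695 sectors (RW), offset 208845.
"""
# (device, first sector, last sector) as listed by "fdisk -l -u" above.
PARTITIONS = [
    ("/dev/sda1", 63, 208844),
    ("/dev/sda2", 208845, 62910539),
    ("/dev/sda3", 62910540, 120103199),
]
DISK_SECTORS = 120103200  # blockdev --getsz /dev/sda

def parse_log(text):
    """Extract header byte values and the computed dm mapping (in sectors)."""
    hdr = re.search(r"mk_offset (\d+), hidden_size \d+, volume size (\d+)", text)
    dm = re.search(r"Calculated device size is (\d+) sectors \(\w+\), offset (\d+)", text)
    if not hdr or not dm:
        raise ValueError("TCRYPT header line or device size line not found")
    return {"mk_offset": int(hdr[1]), "volume_bytes": int(hdr[2]),
            "dm_size": int(dm[1]), "dm_offset": int(dm[2])}

def check_geometry(info, partitions, disk_sectors):
    """Return (matching partition or None, list of inconsistencies found)."""
    findings = []
    for key in ("mk_offset", "volume_bytes"):
        if info[key] % SECTOR:
            findings.append(f"{key} is not a multiple of the sector size")
    if info["mk_offset"] // SECTOR != info["dm_offset"]:
        findings.append("header MK offset and mapping offset disagree")
    if info["volume_bytes"] // SECTOR != info["dm_size"]:
        findings.append("header volume size and mapping size disagree")
    if info["dm_offset"] + info["dm_size"] > disk_sectors:
        findings.append("mapping extends past the end of the disk")
    match = next((name for name, first, last in partitions
                  if first == info["dm_offset"]
                  and last - first + 1 == info["dm_size"]), None)
    if match is None:
        findings.append("mapping does not coincide with any partition")
    return match, findings

if __name__ == "__main__":
    partition, problems = check_geometry(parse_log(DEBUG_LOG), PARTITIONS, DISK_SECTORS)
    print("mapping corresponds to:", partition)
    print("inconsistencies:", problems or "none")
```

On the posted values the mapping coincides exactly with /dev/sda2 and stays inside the disk, so the header offsets and sizes agree with the partition table.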