From: Milan Broz
Date: Mon, 01 Jul 2013 21:17:03 +0200
To: Jan Janssen
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Tcrypt hidden volume
Message-ID: <51D1D5AF.9060502@gmail.com>
In-Reply-To: <51D15B0F.6080201@web.de>

On 1.7.2013 12:33, Jan Janssen wrote:
> Hi,
>
> while testing how the tcrypt passphrase + keyfile logic works, I
> realized that there doesn't seem to be a way to protect the hidden
> volume from being damaged by writes to a mounted outer volume like
> truecrypt does. I think this deserves a warning in the man page
> since this is a potential data loss.

Yes, you are right. There is no protection of hidden volume once
outer volume is mounted.
(BTW the protection itself reveals hidden volume existence.)

Protection can be done on DM (kernel level) quite easily
(map this linear part to virtual zero or error target masking
out the data underneath) but it would require quite big changes
in cryptsetup wrapper (which was meant to be simple 1:1 mapping).

So I decided to ignore this problem for now...

But yes, there should be some note in man page.

Milan
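
The masking described in the reply above, sketched as an added example (not part of the original message and not cryptsetup code): a shell function that prints a device-mapper table passing a device through 1:1 except for one protected sector range, which is covered by the `error` or `zero` target. The function name, the device name `/dev/mapper/tc_outer` and the sector numbers are assumptions; the range is assumed to be given relative to the already opened outer-volume mapping.

```shell
#!/bin/sh
# Added example; names and numbers are hypothetical.
# All sizes and offsets are in 512-byte sectors.
#
# usage: masked_table DEV TOTAL PROT_START PROT_LEN [error|zero]
#   error: every read or write to the protected range fails with an I/O error
#   zero : reads return zeros, writes are silently discarded
masked_table() {
    dev=$1 total=$2 start=$3 len=$4 mask=${5:-error}

    case "$mask" in
        error|zero) ;;
        *) echo "mask must be 'error' or 'zero'" >&2; return 1 ;;
    esac

    # Accept plain decimal sector counts only.
    for n in "$total" "$start" "$len"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a sector count: $n" >&2; return 1 ;;
        esac
    done

    end=$((start + len))
    if [ "$len" -eq 0 ] || [ "$end" -gt "$total" ]; then
        echo "protected range is empty or outside the device" >&2
        return 1
    fi

    # Part before the protected range: plain 1:1 pass-through.
    if [ "$start" -gt 0 ]; then
        echo "0 $start linear $dev 0"
    fi
    # Protected range: no backing device, so the data underneath is unreachable.
    echo "$start $len $mask"
    # Part after the protected range, if any.
    if [ "$end" -lt "$total" ]; then
        echo "$end $((total - end)) linear $dev $end"
    fi
    return 0
}

# The table is fed to dmsetup on stdin (needs root), for example:
#   masked_table /dev/mapper/tc_outer 2097152 1048576 524288 | dmsetup create tc_outer_protected
# The filesystem is then mounted from /dev/mapper/tc_outer_protected.
```

With `zero`, the filesystem on the outer volume is told the write succeeded although nothing was stored, so `error` is the variant that makes an overwrite attempt visible.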