From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TciQW6eHQK8O for ; Sun, 30 Dec 2012 11:53:09 +0100 (CET) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 30 Dec 2012 11:53:09 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-164-49.dclient.hispeed.ch [84.74.164.49]) by v4.tansi.org (Postfix) with ESMTPA id 4CB7A1404001 for ; Sun, 30 Dec 2012 11:53:09 +0100 (CET) Date: Sun, 30 Dec 2012 11:53:08 +0100 From: Arno Wagner Message-ID: <20121230105308.GA13288@tansi.org> References: <20121227095229.GA9356@tansi.org> <20121228150430.GA17491@tansi.org> <50DDF171.1080807@gmail.com> <96a12d6b77c3f72a240b489e3ceefa4a.squirrel@ssl.verfeiert.org> <50E00BDF.2000109@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50E00BDF.2000109@gmail.com> Subject: Re: [dm-crypt] Avoiding fsck.ext4 destruction of crypto_luks data List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sun, Dec 30, 2012 at 10:39:43AM +0100, Milan Broz wrote: > On 12/30/2012 09:42 AM, Sven Eschenberg wrote: > > Hi Milan, > > > > What happens though, if signatures are not accessible during luksFormat? > > (Or alternatively, are not found, because they are misaligned from the > > current setup's perspective?) > > > > Scenario, create a md volume with 1.0 metadata (end of device), start md > > device, do luks format. > > Well, there are priorities but in fact these configurations need some > external info (or admin knowledge). Indeed. Just added the warning that previosuly used partitions should be wiped to the man-page of cryptsetup. I also found that "wipefs" does not remove matadata 0.90 signatures from md components (located at the end. I still use them because I like kernel-level autodetection and my arrays are small), also added warning about that. > > Now, in intial unused state, the luks header and md metadata is visible. > > While cryptsetup might be able to realize that the md device should first > > be started, this might not be true for all tools (unfortunately). Possible > > similiar scenarions with leftover superblocks etc. can surely be created. > > Yes, and in the MD format (end of device) case the problem repeats > very often. Indeed. See above. > > I am aware this is a specific case due to the end of device policy of the > > md metada v1.0. What I am trying to say is, not all cases can > > automagically be resolved, sometimes the knowledge and interaction of an > > admin might really be required. And for educated guessing, the admin needs > > to be educated beforehand ;-). > > Yes, fully agree. I can mention other situations, which can be configured > this way (LVM has several such undocumented scenarios) where you cannot > automatically say which signature is the first... I think warning the user that anything previously used need to be cleaned is enough. FAQ and man-page do that now. I think that is enough. Those that do not read documentation will always find some way to shoot themselves in the foot... > (I can write very long description about plans about "block device > assembly" library under util-linux project which should help to solve > this, but I am afraid that I will not work on this project anymore.) Some magic pressure-cooker you throw some partitions in and get some assembled and runnign filesystems out? Sounds like a nightmare to implement ;-) > And because we are on dmcrypt list - there is always need from security > (or paranoid ;) people to separate or hide metadata (e.g. LUKS header or > hidden container). In this situation you simply must know some info in > advance to properly activate such storage... Security requires understanding what you are doing or at least reading the documentation carefully (it it is any good). For example, I recently found out that there are people that run TrueCrypt on Windows whith hibernation active and the hibernation file not on an encrypted device. That is a complete fail, as the encryption keys then go into the hiberfile. (The documentation warns about this.) Seems you can even buy software that recovers the keys automatically. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell