From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from outgoing.fripost.org (giraff.fripost.org [193.234.15.44]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Thu, 13 Sep 2018 03:58:48 +0200 (CEST) Date: Thu, 13 Sep 2018 03:58:47 +0200 From: Guilhem Moulin Message-ID: <20180913015846.GA20220@localhost.localdomain> References: <3981e376-6bc1-eafa-661f-800527d1edd8@riseup.net> <0a634f10-a4fe-54e3-b6ad-edd3f7682ec3@redhat.com> <05d42a4b-7439-0f5a-21b0-d79d1195b07f@riseup.net> <48f41120-27ae-cef3-8bb0-482eb164d468@riseup.net> <20180912155201.GA31331@localhost.localdomain> <8c5025a3-efdd-02a7-d6b8-4d14dcd0beb6@riseup.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ZGiS0Q5IWpPtfppv" Content-Disposition: inline In-Reply-To: <8c5025a3-efdd-02a7-d6b8-4d14dcd0beb6@riseup.net> Subject: Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: procmem Cc: dm-crypt@saout.de, whonix-devel@whonix.org --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 13 Sep 2018 at 00:47:00 +0000, procmem wrote: > Guilhem Moulin: >> On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: >>> cryptsetup convert /dev/vda5 --type luks2 --debug >>> [=E2=80=A6] >>> Cannot convert device /dev/vda5 which is still in use. >>> [=E2=80=A6] >>> Command failed with code -5 (device already exists or device is busy). >>=20 >> As the error message indicates, you need to remove (ie, close) the >> mapped device first. If that device is required for your system to run >> (for instance if it's holding the root file system) you won't be able to >> run `cryptsetup luksClose $name` from the main system; however you >> should be able to perform `cryptsetup convert` from a live CD, or from >> the initramfs image. >=20 > initramfs sounds like the most versatile option. Any pointers on how to > to this? Searching SE turns up irrelevant results. Before rebooting you might want to make sure the =E2=80=98algif_skcipher=E2= =80=99 kernel module is included in the initramfs image, otherwise you might not be able to open LUKS2 volumes. (See https://bugs.debian.org/896968 for details.) To do so, run the following two commands: echo algif_skcipher | sudo tee -a /etc/initramfs-tools/modules sudo update-initramfs -u Now assuming your bootloader is GRUB, reboot, press to obtain an emacs-like screen, append =E2=80=9C break=3Dpremount=E2=80=9D to the line s= tarting with =E2=80=9Cinitrd=E2=80=9D, and press + to boot. (The edit is trans= ient and won't survive the next reboot.) You should land into an initramfs debug shell; see initramfs-tools(7) for details. That has probably become off-topic for the dm-crypt list, by the way (discussing how to reboot into an initramfs shell has nothing to do with dm-crypt, LUKS, or cryptsetup(8) per se); the user support channels of your distro might be a better venue for this. --=20 Guilhem. --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAluZxFUACgkQ05pJnDwh pVIi6g/+NcFS1MoSEOiOBqSFvQYSJ08BAu/7SFxTs5/FM+lMxCL3MQiduBtJokHv IRJr47Pj5+4NdYwMlkqOmNVafuVpdVEwDiU6cY0RoWXD+8fjMCcw53gloZHf/PXB sIaa0LmwN7gKATNZd88Fi4DOfOGSWYcRZ8+p4iIX1Btx+SvVejBsoHqGIVwERNtp l0Cd97ffXwtgPlscubemkyshJE19p1BnZdo1LMxECf8IH2Ro5WgE5eG4TDiYSijh e2qQtaJWsLn0OFHtcUId/hoZfDVe48y61nwqAGV66XJDkLOX7eM9wSTpGDyOJ8fT U69l+J9J5wJB4IG+36gLN2l3hrg7AzGPjmNzqK6liZ2i1p6JUzjLUI18jrHGzqg9 ML70PDWkbKMVX7nhFckLXaOpb0pop8ooixoz4M5o2KzCzd2fXPpMhwyriA1ED9kT ynBq7LvWKlwMP8Pa6ECrJ0RAe/S1j0Ra9YVTS6uboaAplCyY2OXXyp1iCDMl1LFR lRH+UY88A1bRAKx64CkDexIhGqGY3srTypSwM5vorshnS0BrgRt0Rg/b8z4Mmp09 OPsOo1B80lSpg3VUOtH6VwLT62lhDc3q5HArsdXBjZdF6XJZnPYWLA0YVtVFPyqp XXFdE12AUT3tADanfVDzWjs5qFZWF94Af8vs2yJ8FBZBvhZkfZc= =VzEW -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv--