[dm-crypt] LUKS device failure after Cryptsetup upgrade

[Maxime Alves <maxime.alves@lirmm.fr>]

[-- Attachment #1: Type: text/plain, Size: 926 bytes --]

Hi,

I just upgraded my Gentoo distribution, and now I can't open my Luks-encrypted
LMV volume. I spent almost a year without rebooting/upgrading and don't really
know what could have caused this error.

Cryptsetup was upgraded from 2.2.1 to 2.3.2, but I did not reboot since it was
version 1.7.5, so maybe I was still using the 1.7.5 through libvirt.


Sadly, I did NOT backup before upgrading my Gentoo distro, thinking that there
would be no big problem upgrading my system. The volume was unmounted, and is
used only in a virtual machine ran by libvirt/kvm. I realized the device was
not unlockable when I restarted my hypervisor and my VM.

I tried to use a SystemRescue iso to open the device, with cryptsetup 1.7.x . I
could repair the volume, but after that impossible to open it with my old
passphrase.

Thanks for reading,
Maxime


Here are some informations I gathered after the advices of some people of
#gentoo.


[-- Attachment #2: repair --]
[-- Type: text/plain, Size: 1576 bytes --]

## REPAIR

f00 /mnt/storage # cryptsetup repair --debug ./mail-20210131-old
# cryptsetup 2.3.2 processing "cryptsetup repair --debug ./mail-20210131-old"
# Running command repair.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device ./mail-20210131-old.
# Trying to open and read device ./mail-20210131-old with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device ./mail-20210131-old.
# Crypto backend (OpenSSL 1.1.1i  8 Dec 2020) initialized in cryptsetup library version 2.3.2.
# Detected kernel Linux 4.14.83-gentoo-xxxx-std-ipv6-64 x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device ./mail-20210131-old
# Invalid stripes count 1 in keyslot 4.
LUKS keyslot 4 is invalid.
WARNING: Device ./mail-20210131-old already contains a 'dos' partition signature.

WARNING!
========
Really try to repair LUKS device header?

Are you sure? (Type 'yes' in capital letters): YES
# Trying to repair any crypt type from device ./mail-20210131-old.
# Reading LUKS header of size 1024 from device ./mail-20210131-old
# Reusing open ro fd on device ./mail-20210131-old
# Invalid stripes count 1 in keyslot 4.
LUKS keyslot 4 is invalid.
Non standard keyslots alignment, manual repair required.
# Releasing crypt device ./mail-20210131-old context.
# Releasing device-mapper backend.
# Closing read only fd for ./mail-20210131-old.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).


[-- Attachment #3: hexdump --]
[-- Type: text/plain, Size: 3006 bytes --]

## HEXDUMP

f00 /mnt/storage # hexdump -C -n 4096 ./mail-20210131-old
00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69  |........xts-plai|
00000030  6e 36 34 00 00 00 00 00  00 00 00 00 00 00 00 00  |n64.............|
00000040  00 00 00 00 00 00 00 00  73 68 61 32 35 36 00 00  |........sha256..|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 10 00 00 00 00 40  |...............@|
00000070  17 36 b2 d3 46 d2 62 85  49 2d 67 3d 20 ed 07 26  |.6..F.b.I-g= ..&|
00000080  37 4a ac 0e 87 3a bb 2a  44 e4 60 6b 2d 4b 8d 68  |7J...:.*D.`k-K.h|
00000090  3b 37 5e 49 9a 16 c2 fd  4e b4 a7 f6 15 e5 87 45  |;7^I....N......E|
000000a0  ec cd 85 0e 00 01 ae aa  31 38 64 35 32 64 33 33  |........18d52d33|
000000b0  2d 62 34 66 63 2d 34 35  30 37 2d 38 62 30 65 2d  |-b4fc-4507-8b0e-|
000000c0  63 65 66 64 39 35 61 36  61 61 61 38 00 00 00 00  |cefd95a6aaa8....|
000000d0  00 ac 71 f3 00 0f 23 f8  16 8b 75 b3 0e 89 06 b2  |..q...#...u.....|
000000e0  1a a5 ac ba 43 ee 34 d9  db 93 1d e6 b6 b2 84 a4  |....C.4.........|
000000f0  4c cb 81 ed 48 0f 49 23  00 00 00 08 00 00 0f a0  |L...H.I#........|
00000100  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 02 00 00 00 0f a0  |................|
00000130  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 03 f8 00 00 0f a0  |................|
00000160  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 05 f0 00 00 0f a0  |................|
00000190  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 07 e8 00 00 00 01  |................|
000001c0  01 00 83 0f ff ff 3f 00  00 00 71 ff 3f 01 00 00  |......?...q.?...|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  |..............U.|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000210  00 00 00 00 00 00 00 00  00 00 0b d8 00 00 0f a0  |................|
00000220  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000240  00 00 00 00 00 00 00 00  00 00 0d d0 00 00 0f a0  |................|
00000250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000

[-- Attachment #4: Type: text/plain, Size: 135 bytes --]

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt