From: Milan Broz <gmazyland@gmail.com>
To: Maxime Alves <maxime.alves@lirmm.fr>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] LUKS device failure after Cryptsetup upgrade
Date: Sun, 31 Jan 2021 18:36:29 +0100 [thread overview]
Message-ID: <48d9a462-2531-eb28-3cb2-8f3a515c3e93@gmail.com> (raw)
In-Reply-To: <20210131164818.GK10286@bung>
Hi,
We maintain strict backward compatibility, so there should be
no problem during any upgrade.
But you have apparently corrupted LUKS header here, reading from the debug log:
# Invalid stripes count 1 in keyslot 4.
LUKS keyslot 4 is invalid.
LUKS keyslot 4 is invalid.
Non standard keyslots alignment, manual repair required.
it seems there is some corruption in metadata area, but because
there is some non-standard data alignment, cryptsetup code will
*not* repair this automatically.
If the corruption is *only* in the unused keyslot metadata, this should
be easily recoverable, just automatic repair is not possible.
(But if the corruption is in the used keyslot area also, your data is lost!)
If you can send me (privately, not to the list) first 4096 bytes from your LUKS device LV
(this should contain only metadata, no private keyslot material), I can try to fix it.
Use dd (and send me luks.img file):
dd if=<your LUKS volume/LV> of=luks.img bs=4096 count=1 iflag=direct
In any case, be sure to backup existing LUKS header though!
(If not possible through cryptsetup because of invalid header, just dd first 4MB of disk area).
Milan
On 31/01/2021 17:48, Maxime Alves wrote:
> Hi,
>
> I just upgraded my Gentoo distribution, and now I can't open my Luks-encrypted
> LMV volume. I spent almost a year without rebooting/upgrading and don't really
> know what could have caused this error.
>
> Cryptsetup was upgraded from 2.2.1 to 2.3.2, but I did not reboot since it was
> version 1.7.5, so maybe I was still using the 1.7.5 through libvirt.
>
>
> Sadly, I did NOT backup before upgrading my Gentoo distro, thinking that there
> would be no big problem upgrading my system. The volume was unmounted, and is
> used only in a virtual machine ran by libvirt/kvm. I realized the device was
> not unlockable when I restarted my hypervisor and my VM.
>
> I tried to use a SystemRescue iso to open the device, with cryptsetup 1.7.x . I
> could repair the volume, but after that impossible to open it with my old
> passphrase.
>
> Thanks for reading,
> Maxime
>
>
> Here are some informations I gathered after the advices of some people of
> #gentoo.
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt
>
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt
prev parent reply other threads:[~2021-01-31 17:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-31 16:48 [dm-crypt] LUKS device failure after Cryptsetup upgrade Maxime Alves
2021-01-31 17:36 ` Milan Broz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48d9a462-2531-eb28-3cb2-8f3a515c3e93@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=maxime.alves@lirmm.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox