Re: [dm-crypt] dm-crypt hanging on attempts to manipulate an encrypted device

[Milan Broz <mbroz@redhat.com>]

On 04/18/2010 03:13 PM, Milan Broz wrote:
> On 04/18/2010 01:17 PM, Pedro Fernandes Macedo wrote:
>> I have a 1TB USB disk that I use for backups and has recently hit a
>> snag.  The encrypted device was working fine, but it now is failing on a
>> weird way: after plugging it in yesterday and doing a luksOpen,
>> the "automatic header conversion from 0.99 to 0.991 triggered" message
>> appeared. After that, every single attempt at opening the device or add
>> keys hangs after the key is entered. This is a device that was in use
>> all the time and was working until I unplugged it (for safety) for some
>> changes to my raid setup. 
> 
> The automatic upgrade of version indicates that header was created
> with old version of cryptsetup...

For the archive:

seems that it was really unexpected result of automatic update.
("update" is basically conversion of iteration count into network byte order
- big/little endian conversion + some other magic.)

Because master key header digest iteration was always 10 in that problematic
version of cryptsetup, where device was originally formatted, recovery was quite easy.

I removed this automatic update in cryptsetup 1.1.0 (it was not safe as this report
proved), but because it seems that still there is possibility that old metadata
version exists, I'll add some workaround to luksHeaderRestore command.

So in future, general procedure to "update & fix" incompabilities is to perform

crypsetup luksHeaderBackup --header-backup-file <file> <device>
crypsetup luksHeaderRestore --header-backup-file <file> <device>

(currently it wipes possible FS signatures, which can be between header
and keyslots - also known problem with previous metadata handler.)

Milan