From: "ingo.schmitt@binarysignals.net" <ingo.schmitt@binarysignals.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.
Date: Mon, 31 Oct 2011 04:30:11 +0100
Message-ID: <4EAE1643.9030501@binarysignals.net>
In-Reply-To: <CAP8O3oNnSWO2q5-97XkcpxE-FK7nyyTF1YSSWCf+F+crpr2pEw@mail.gmail.com>

Another idea: Cryptsetup should offer to back up the header
on the same drive when changes to an existing header are requested.
I assume that the header's size isn't an issue.

Thx,
Ingo

On 10/31/2011 01:30 AM, Aleksander Swirski wrote:
> I'm pretty sure this warning is only displayed when someone decides to
> create new crypto on some partition or fill an encrypted device with random
> data in the next step after setting the password. But just setting the
> password on an existing device makes data unusable without warning. When
> the partitioning is finished there is a list of partitions that will be
> wiped out, and also, during my installation the crypto-device and /home
> inside LVM were not listed there, but already lost a few clicks earlier.
>
> I understand that it wasn't taken into consideration that someone can
> attach an existing encrypted device, but only that a new one will be
> created. This is inconsistent with how it goes with unencrypted
> partitions, where you can reattach them without formatting and keep your
> data. So I guess with an encrypted partition this should also work that
> way. Or maybe I miss the point? I will try to make the whole scenario
> clear, and then send my proposition to debian-boot@lists.debian.org
>
> On 30 October 2011 23:25, Jonas Meurer <jonas@freesources.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Aleksander,
>
> On 30.10.2011 19:56, Aleksander Swirski wrote:
> > I will also try to push this info to the debian devs. I'm not sure
> > how to do that properly (hint appreciated). I know, that the route
> > of installation I took is not a common one, but a simple warning
> > would suffice to avoid this kind of trouble. After all my encrypted
> > LVM and specifically the /home partition within LVM wasn't listed
> > among those, which are to be erased at any point during the
> > installation. (I marked them with - K - keep the data)
>
> I guess that you selected to configure the device which contained the
> LVM volume group as a new encrypted device. Then you were asked for the
> new passphrase twice, and a new LUKS header was written to the device,
> overwriting the old LUKS header. That way you shredded all the
> encrypted data on that device, regardless of what it was.
>
> The partitions you marked as "keep the data" weren't overwritten, just
> the LUKS header of the underlying device was overwritten.
>
> I agree, that a warning in the Debian Installer is a good idea, but to
> be honest, there's already a big fat warning:
>
> > _Description: Really erase the data on ${DEVICE}? The data on
> > ${DEVICE} will be overwritten with random data. It can no longer be
> > recovered after this step has completed. This is the last
> > opportunity to abort the erase.
>
> (from
> http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates)
>
> If you'd like to propose changes to the (warnings in the) process of
> configuring encrypted volumes during installation of Debian, feel free
> to discuss this on debian-boot@lists.debian.org. You might as well
> take a look at the following page:
> http://wiki.debian.org/DebianInstaller/PartmanCrypto
>
> Greetings,
> jonas
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
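
A sketch of the safeguard discussed in this thread, added here as an illustration and not code from cryptsetup or the Debian installer: before anything writes a new header, detect an existing LUKS1 header (the on-disk format in use when this thread was written) and copy it, together with its key-slot area, to a backup file. The function names, the backup path and the sample image are assumptions made for the example, and the backup goes to a separate file rather than to the same drive.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512
# LUKS1 header fields before the 8 key slots: 208 bytes, big-endian.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # active, iterations, salt, offset, stripes
SLOT_ACTIVE = 0x00AC71F3


def parse_luks1(buf):
    """Return header facts if buf starts with a LUKS1 header, else None."""
    if len(buf) < PHDR.size + 8 * SLOT.size or buf[:6] != LUKS_MAGIC:
        return None
    (_, version, cipher, mode, _hash, payload_off,
     _key_bytes, _dig, _salt, _iters, uuid) = PHDR.unpack_from(buf)
    if version != 1:
        return None
    slots = [SLOT.unpack_from(buf, PHDR.size + i * SLOT.size) for i in range(8)]
    return {
        "cipher": cipher.rstrip(b"\0").decode() + "-" + mode.rstrip(b"\0").decode(),
        "uuid": uuid.rstrip(b"\0").decode(),
        "backup_len": payload_off * SECTOR,  # header plus key material area
        "active_slots": [i for i, s in enumerate(slots) if s[0] == SLOT_ACTIVE],
    }


def guard_format(device_path, backup_path):
    """Copy an existing LUKS1 header aside; return its facts, or None if absent."""
    with open(device_path, "rb") as dev:
        info = parse_luks1(dev.read(PHDR.size + 8 * SLOT.size))
        if info is None:
            return None
        dev.seek(0)
        blob = dev.read(info["backup_len"])
    with open(backup_path, "wb") as out:
        out.write(blob)
    return info


def make_sample_image(payload_off=16):
    """Constructed sample input: a fake LUKS1 header with key slot 0 active."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                     payload_off, 32, b"\0" * 20, b"\0" * 32, 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, b"\0" * 32, 8, 4000)
    slots += SLOT.pack(0x0000DEAD, 0, b"\0" * 32, 0, 4000) * 7
    return (phdr + slots).ljust(payload_off * SECTOR, b"\0") + b"ciphertext"
```

A caller that gets a non-None result from `guard_format` knows the target already holds a LUKS volume with active key slots and can stop to ask for confirmation before writing a new header.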