From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4EAE1643.9030501@binarysignals.net>
Date: Mon, 31 Oct 2011 04:30:11 +0100
From: "ingo.schmitt@binarysignals.net"
References: <1319817228.19412.36.camel@localhost.localdomain> <20111028160300.GA26111@tansi.org> <20111028162428.GA26437@tansi.org> <20111028172044.GA1850@fancy-poultry.org> <20111029074352.GA6320@tansi.org> <20111030173230.GA31497@tansi.org> <4EADCEF5.2070405@freesources.org>
Subject: Re: [dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.
To: dm-crypt@saout.de

Another idea: Cryptsetup should offer to back up the header on the same drive when changes to an existing header are requested. I assume that the header's size isn't an issue.

Thx,
Ingo

On 10/31/2011 01:30 AM, Aleksander Swirski wrote:
> I'm pretty sure this warning is only displayed when someone decides to
> create new crypto on some partition or fill encrypted device with random
> data in the next step after setting the password. But just setting the
> password on an existing device makes data unusable without warning. When
> the partitioning is finished there is a list of partitions that will be
> wiped out, and also, during my installation crypto-device and /home
> inside LVM was not listed there, but already lost a few clicks earlier.
>
> I understand that it wasn't taken into consideration that someone can
> attach existing encrypted device, but only that a new one will be
> created. This is inconsistent with how it goes with unencrypted
> partitions, where you can reattach them without formatting and keep your
> data. So I guess with encrypted partition this should also work that
> way. Or maybe I miss the point? I will try to make the whole scenario
> clear, and then send my proposition, to debian-boot@lists.debian.org
>
>
> On 30 October 2011 23:25, Jonas Meurer wrote:
>
> Hi Aleksander,
>
> On 30.10.2011 19:56, Aleksander Swirski wrote:
> > I will also try to push this info to the debian devs. I'm not sure
> > how to do that properly (hint appreciated). I know, that the route
> > of installation I took is not a common one, but a simple warning
> > would suffice to avoid this kind of trouble. After all my encrypted
> > LVM and specifically the /home partition within LVM wasn't listed
> > among those, which are to be erased at any point during the
> > installation. (I marked them with - K - keep the data)
>
> I guess that you selected to configure the device which contained the
> LVM volume group as new encrypted device. Then you were asked for the
> new passphrase twice, and a new LUKS header was written to the device,
> overwriting the old LUKS header. That way you shredded all the
> encrypted data on that device, regardless what it was.
>
> The partitions you marked as "keep the data" weren't overwritten, just
> the LUKS header of underlying device was overwritten.
>
> I agree, that a warning in the Debian Installer is a good idea, but to
> be honest, there's already a big fat warning:
>
> > _Description: Really erase the data on ${DEVICE}? The data on
> > ${DEVICE} will be overwritten with random data. It can no longer be
> > recovered after this step has completed. This is the last
> > opportunity to abort the erase.
>
> (from
> http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates)
>
> If you like to propose changes to the (warnings in the) process of
> configuring encrypted volumes during installation of Debian, feel free
> to discuss this on debian-boot@lists.debian.org. You might as well
> take a look at the following page:
> http://wiki.debian.org/DebianInstaller/PartmanCrypto
>
> Greetings,
> jonas
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
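
The failure described in this thread (a new LUKS header written over an existing one) can be caught before formatting by checking the target for the LUKS magic bytes and refusing to proceed until a header backup exists. This is an added example, not part of the original messages and not code from cryptsetup or the Debian installer; the function names and the backup-file argument are assumptions, while `cryptsetup luksHeaderBackup` with `--header-backup-file` is the existing cryptsetup command.

```shell
#!/bin/sh
# Pre-format guard: detect an existing LUKS header and insist on a backup.
# The LUKS header starts at offset 0 with the bytes "LUKS" 0xBA 0xBE.
LUKS_MAGIC_HEX=4c554b53babe

has_luks_header() {
    # $1: block device or image file.
    # Returns 0 when the first six bytes are the LUKS magic, 1 otherwise.
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "$LUKS_MAGIC_HEX" ]
}

safe_to_format() {
    # $1: device about to be formatted
    # $2: path where a header backup is expected (hypothetical convention)
    # Prints one of: no-header, header-backed-up, refuse.
    # Returns 1 only for "refuse".
    dev=$1
    backup=$2
    if ! has_luks_header "$dev"; then
        echo "no-header"
        return 0
    fi
    if [ -s "$backup" ]; then
        echo "header-backed-up"
        return 0
    fi
    {
        echo "existing LUKS header found on $dev, no backup at $backup"
        echo "back it up first:"
        echo "  cryptsetup luksHeaderBackup $dev --header-backup-file $backup"
    } >&2
    echo "refuse"
    return 1
}

# Stand-alone use: ./guard.sh <device> <header-backup-file>
if [ $# -ge 2 ]; then
    safe_to_format "$1" "$2"
fi
```

A header backup stored off the device is what allows recovery with the old passphrase after the on-disk header has been overwritten; without it the key material is gone.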