From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 8Ug1rQxmWPyA for <dm-crypt@saout.de>;
 Mon, 12 Mar 2012 23:55:00 +0100 (CET)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 12 Mar 2012 23:55:00 +0100 (CET)
Message-ID: <4F5E7EC1.6090903@redhat.com>
Date: Mon, 12 Mar 2012 23:54:57 +0100
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <4F5C7E0A.6060908@gmail.com>
In-Reply-To: <4F5C7E0A.6060908@gmail.com>
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] exclusive flag trouble
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: =?ISO-8859-1?Q?Javier_Juan_Mart=EDnez_Cabez=F3n?= <tazok.id0@gmail.com>
Cc: dm-crypt@saout.de

On 03/11/2012 11:27 AM, Javier Juan Mart=EDnez Cabez=F3n wrote:
>
>
> Hi until now I used a tool to make hidden partitions called scubed (is
> something like a partition tool that used cryptsetup to create the
> needed volumes (really old but worked fine)
>
> http://cube.dyndns.org/cgi-bin/viewvc.cgi/trunk/scubed.c?diff_format=3Dl&=
sortdir=3Ddown&logsort=3Drev&sortby=3Dlog&view=3Dmarkup&root=3Dscubed
>
> - I get realized from this:
>
> http://code.google.com/p/cryptsetup/issues/detail?id=3D105
>
> With scubed you create five cryptsetup levels in the same device and
> with all unlocked you assign needed blocks to each of them with scubed)
>
> I haven't get troubles with this is able for example to create read only
> media (dvd+-r) with multiple ciphered layers.
>
> Here is the readme (with a mini tutorial):
> http://cube.dyndns.org/svn/scubed/trunk/README

hm.

# cryptsetup create scubed1 /dev/loop0
Enter passphrase:
# cryptsetup create scubed2 /dev/loop0
Enter passphrase:

This is exactly why exclusive checking is there - it is recipe
for data corruption if plaintext devices are wrongly accessed
(you write to one device but you will get data from cache for other).

Please can you add a new issue on cryptsetup project page to track that?
(I have currently no time to check it now but save it for later.)

I do not think I will reintroduce non-exclusive mode but I would like
to check how scubed works and possibly provide some workaround.
(IMHO if scubed creates private devices, it is fine, so maybe some patch
is the way to go.)

Thanks,
Milan