From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Hj3FQdYipvlv for <dm-crypt@saout.de>;
 Sun, 23 Jun 2013 17:34:13 +0200 (CEST)
Received: from mail-ea0-x235.google.com (mail-ea0-x235.google.com
 [IPv6:2a00:1450:4013:c01::235])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sun, 23 Jun 2013 17:34:13 +0200 (CEST)
Received: by mail-ea0-f181.google.com with SMTP id a15so5612229eae.40
 for <dm-crypt@saout.de>; Sun, 23 Jun 2013 08:34:12 -0700 (PDT)
Message-ID: <51C71539.7020203@gmail.com>
Date: Sun, 23 Jun 2013 17:33:13 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <51C2D38C.5030203@web.de> <51C332C2.1000900@gmail.com>
 <1468118.MD1b3jT5q3@brinja>
In-Reply-To: <1468118.MD1b3jT5q3@brinja>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Truecrypt system partition support
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Jan Janssen <medhefgo@web.de>
Cc: dm-crypt@saout.de

Hi,

On 21.6.2013 15:58, Jan Janssen wrote:
> On Thursday 20 June 2013 18:50:10 Milan Broz wrote:
>> Hi,
>>
>> well, you are probably the first real user I know about who tried system
>> encryption truecrypt mapping :) So it is quite possible there are some
>> problems.
> 
> That's probably because it's not well advertised. I found out about it by
> accident and wanted to give it a try.

Yes, that's true.

The shared device for system encryption is fixed in devel git
http://code.google.com/p/cryptsetup/source/detail?r=a36de633d50d1e047cf5c0c3bc5e4d16a411fb62#

Please let me know if there is any other problem.

> Also, it took me a while to figure out (thanks to the manpage) that you have
> to use /dev/sda to open in system mode. It would be useful if cryptsetup
> could either figure out where to look for its offset from /dev/sda2 like
> the "real" truecrypt does or at least give a hint that in system mode the
> drive should be used instead of the partition.

Well, the Truecrypt header is not on partition for system encryption, it
is outside of it, that's why it is done this way.

Anyway, I added hint as well if header is not detected
http://code.google.com/p/cryptsetup/source/detail?r=42b0ab437a6ef332dd33e1eda144d2c3d9a70d23

I know automatic detection is better (and will work on Windows) but with Linux,
there can be virtualized systems where partition is used as "whole device"
for some Windows VM.
Also in some cases (LVM) it can be tricky to detect partitions and top level devices.

Also partition can be in different (security) context than the whole device.

Thanks!
Milan