Cannot luksOpen a luks partition - Input/Output error

pingwingg · 2014-08-28 13:52:28

Hi,
I have a problem with cryptsetup.

1 root@przemekx61s /dev/mapper # cryptsetup luksOpen /dev/sda7 moje --verbose                                      :(
Enter passphrase for /dev/sda7: 
Command failed with code 5: Input/output error

If I run it without --verbose it just silently dies, and my partition is not opened.

Any ideas how to diagnose and fix it?

System is up to date.

Rob_H · 2014-09-01 14:05:58

What output do you get from:

cryptsetup luksDump /dev/sda7

And this:

cryptsetup isLuks /dev/sda7
echo $?

Last edited by Rob_H (2014-09-01 14:08:16)

pingwingg · 2014-09-01 17:45:52

cryptsetup luksDump /dev/sda7
LUKS header information for /dev/sda7

Version:        1
Cipher name:    aes
Cipher mode:    ecb-plain
Hash spec:      sha1
Payload offset: 2048
MK bits:        128
MK digest:      94 20 e7 f9 34 a2 d8 ef 74 7b 10 c7 4c f2 9f a0 80 b3 02 2c 
MK salt:        70 66 66 0a 7e 8b df 98 c1 8a 78 10 b1 fd ca 2e 
                9a eb 75 b9 cd 8e a8 5a 0e 3c 28 d5 a0 0f 5e 80 
MK iterations:  30125
UUID:           26df548f-ea61-4138-84b3-b1846f933f63

Key Slot 0: ENABLED
        Iterations:             120925
        Salt:                   c6 2c 16 25 50 2e 7f 24 bc 46 84 26 08 06 dc ff 
                                28 e3 fd 01 fc 6b 5a 85 fd f2 11 7e 1b 1f 2e 13 
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

root@przemekx61s ~ # cryptsetup isLuks /dev/sda7
root@przemekx61s ~ # echo $?                    
0

I forgot to say, on current Arch boot CD I can open this partition and I have total access to partition.

Strike0 · 2014-09-02 20:07:00

That's a good hint indeed!

There is a bug in cryptsetup 1.6.5 related to I/O. Try downgrading to 1.6.4 or upgrade to 1.6.6 (which is in the testing repo currently).
If it still does not work, have a look at the output of your luksopen statement with the option "--debug" (instead of --verbose).

pingwingg · 2014-09-04 00:15:47

I've upgraded to cryptsetup-1.6.6-1 (it's now in stable repo), but it still don't work.

root@przemekx61s /home/przemek # LANG=C cryptsetup luksOpen /dev/sda7 moje --verbose --debug                            :(
# cryptsetup 1.6.6 processing "cryptsetup luksOpen /dev/sda7 moje --verbose --debug"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda7 context.
# Trying to open and read device /dev/sda7.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sda7.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.14.17-1-lts x86_64.
# Reading LUKS header of size 1024 from device /dev/sda7
# Key length 16, device size 103617368 sectors, header size 1029 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume moje [keyslot -1] using [none] passphrase.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Device-mapper backend running with UDEV support enabled.
# dm status moje  OF   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda7: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Releasing crypt device /dev/sda7 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error

I'll try to downgrade to 1.6.4.

pingwingg · 2014-09-04 00:26:23

Thanks! After downgrading to 1.6.4 from Arch Rollback Machine I can open my partition.

There is clearly something wrong with recent versions of cryptsetup, I'll try to fill the bug in the tracker.

Strike0 · 2014-09-05 13:58:58

Yes, that would be good if you could fill a report. In your debug output the last line of:

# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.

is missing. The bug I referred to was something similar (key slot not unlocked due to I/O error for failing access), but supposed to be fixed with 1.6.6.. Btw I assume you encrypted that partition a long time ago, because it uses aes ecb mode.

Regalis · 2014-10-30 14:38:32

Hi,

The same for me (@Strike0: unfortunately, 1.6.6 still seems to be broken):

# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sda1 SSD840"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda1 context.
# Trying to open and read device /dev/sda1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sda1.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.17.1-1-ARCH x86_64.
# Reading LUKS header of size 1024 from device /dev/sda1
# Key length 32, device size 234439567 sectors, header size 2050 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume SSD840 [keyslot -1] using [none] passphrase.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# dm status SSD840  OF   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda1: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Releasing crypt device /dev/sda1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error

# cryptsetup 1.6.6 processing "cryptsetup --debug luksDump /dev/sda1"
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda1 context.
# Trying to open and read device /dev/sda1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sda1.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.17.1-1-ARCH x86_64.
# Reading LUKS header of size 1024 from device /dev/sda1
# Key length 32, device size 234439567 sectors, header size 2050 sectors.
LUKS header information for /dev/sda1

Version:       	1
Cipher name:   	aes
Cipher mode:   	ecb-benbi
Hash spec:     	sha512
Payload offset:	4096
MK bits:       	256
MK digest:     	c1 6a 79 39 1e 18 31 75 80 0a 1b 1d c2 ee e4 d8 21 ba 9a cd 
MK salt:       	9b ab 22 3a c9 2c d7 c0 72 b7 50 16 86 f9 54 30 
               	73 50 37 77 55 80 fa de 11 cd 59 3c 3f 01 b3 67 
MK iterations: 	54000
UUID:          	732ad2b9-0fdc-4f47-8606-1eab7c85f3c4

Key Slot 0: ENABLED
	Iterations:         	214763
	Salt:               	51 fe 64 c2 af 91 f4 b0 8e 36 57 ce e8 c3 4e db 
	                      	78 bd 5c af b8 f9 f3 47 1c 80 88 33 d2 06 1c 1e 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
# Releasing crypt device /dev/sda1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.

I "fixed" this by using cryptsetup-reencrypt with different options. Now luksDump looks like this:

# cryptsetup 1.6.6 processing "cryptsetup --debug luksDump /dev/sda1"
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda1 context.
# Trying to open and read device /dev/sda1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sda1.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.17.1-1-ARCH x86_64.
# Reading LUKS header of size 1024 from device /dev/sda1
# Key length 64, device size 234439567 sectors, header size 4036 sectors.
LUKS header information for /dev/sda1

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha512
Payload offset:	4096
MK bits:       	512
MK digest:     	0c e9 1f a6 67 8a 59 53 a2 cb b5 38 5c d6 b1 a4 66 42 ff 89 
MK salt:       	e8 ed 0e 5e 3d 93 ca 2b db 72 c3 51 1c 53 ab 23 
               	42 7f 76 e2 1b d6 30 7e 93 cd d7 a7 aa ce 1a 83 
MK iterations: 	120500
UUID:          	732ad2b9-0fdc-4f47-8606-1eab7c85f3c4

Key Slot 0: ENABLED
	Iterations:         	484847
	Salt:               	cd 85 d7 d6 19 88 97 91 7f 52 64 dd 39 d2 5e 1c 
	                      	0b 61 dd c4 d7 fc 59 49 9b b3 5a 5c 4a 7f 2b b0 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
# Releasing crypt device /dev/sda1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.

Arch Linux

#1 2014-08-28 13:52:28

Cannot luksOpen a luks partition - Input/Output error

#2 2014-09-01 14:05:58

Re: Cannot luksOpen a luks partition - Input/Output error

#3 2014-09-01 17:45:52

Re: Cannot luksOpen a luks partition - Input/Output error

#4 2014-09-02 20:07:00

Re: Cannot luksOpen a luks partition - Input/Output error

#5 2014-09-04 00:15:47

Re: Cannot luksOpen a luks partition - Input/Output error

#6 2014-09-04 00:26:23

Re: Cannot luksOpen a luks partition - Input/Output error

#7 2014-09-05 13:58:58

Re: Cannot luksOpen a luks partition - Input/Output error

#8 2014-10-30 14:38:32

Re: Cannot luksOpen a luks partition - Input/Output error

Board footer