Luks image file, which I had been opening with
cryptsetup open foo.img foo
Since upgrading -- I had been overdue, so I don't know when that changed -- this fails.
I'm noticing that dm-crypt does not seem to load:
# insmod kernel/drivers/md/dm-crypt.ko.xz
insmod: ERROR: could not insert module kernel/drivers/md/dm-crypt.ko.xz: Unknown symbol in module
# dmesg | grep crypt
[ 0.535267] Key type ._fscrypt registered
[ 0.535268] Key type .fscrypt registered
[ 0.535269] Key type fscrypt-provisioning registered
[ 1.170567] Freeing unused decrypted memory: 2036K
[ 1.246856] cryptd: max_cpu_qlen set to 1000
[ 7.428756] systemd[1]: Reached target Local Encrypted Volumes.
[ 343.526494] dm_crypt: Unknown symbol key_type_encrypted (err -2)
[ 343.526521] dm_crypt: Unknown symbol key_type_trusted (err -2)
# uname -a
Linux build 5.12.5-arch1-1 #1 SMP PREEMPT Wed, 19 May 2021 10:32:40 +0000 x86_64 GNU/Linux
depmod -a didn't make any difference.
Offline
Decided to create a new luks image, and that works (create and open). "cryptsetup luksDump" tells me that:
* the non-working image is Version 1
* the working version is Version 2
So did luks1 support go away? Also, "cryptsetup convert" says "Invalid LUKS type, only luks1 and luks2 are supported." although luksDump says it's version 1.
Offline
seems like you're trying to load the wrong module version or you're ignoring its dependencies... is it not in 'lsmod'? what happens if you try loading it with 'modprobe'?
> So did luks1 support go away?
No. LUKS is a userspace thing anyway. Both LUKS 1 and LUKS 2 translate to a dm-crypt device when opened, so there is not really much of a difference to a kernel.
you can add --verbose --verbose to cryptsetup open command and see if it fails anywhere in particular
Last edited by frostschutz (2021-05-21 20:19:46)
Offline
--verbose --verbose does not produce any additional output.
--debug says this:
# cryptsetup 2.3.5 processing "cryptsetup open --debug foo.img foo"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device foo.img.
# Trying to open and read device foo.img with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device foo.img.
# Crypto backend (OpenSSL 1.1.1k 25 Mar 2021) initialized in cryptsetup library version 2.3.5.
# Detected kernel Linux 5.12.5-arch1-1 x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device foo.img
# Key length 32, device size 204800 sectors, header size 2050 sectors.
# Activating volume foo using token -1.
# Interactive passphrase entry requested.
Enter passphrase for foo.img:
# Activating volume foo [keyslot -1] using passphrase.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.44.0.
# Detected dm-crypt version 1.23.0.
# Device-mapper backend running with UDEV support enabled.
# dm status foo [ opencount noflush ] [16384] (*1)
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device foo.img
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
I was wrong about my "*mod*" commands. "modprobe dm-crypt" works. However, the problem remains.
Offline
I've created a new luks image, which works fine, and I am abandoning the old image. While that does not solve the issue, it works as a workaround.
Offline
typo in passphrase or damaged header... not sure what else it could be
Offline
The old file opens just fine on an older system. And no typo on the passphrase, I tried this too often for this to be possible.
Anyway, I have a workaround, let's leave this here in case somebody else runs into something similar.
Offline
how old and which ciphers in use? there was an issue with... whirlpool? That stopped working after an update, I don't remember, it was years ago.
Offline
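The last reply asks which cipher and hash the old image uses. As an added example (not from the thread and not cryptsetup's own code), this Python script reads those fields directly from a LUKS1 header, following the LUKS1 on-disk layout (592 bytes, big-endian). The sample header it builds is constructed and is not the poster's image; its "whirlpool" hash value is chosen only because the reply mentions it.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_STATES = {0x00AC71F3: "ENABLED", 0x0000DEAD: "DISABLED"}
# LUKS1 header: magic, version, cipher name, cipher mode, hash spec, payload
# offset (sectors), key bytes, MK digest, MK salt, MK iterations, UUID
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                   # 48 bytes each, 8 slots follow

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(buf):
    """Return the LUKS1 header fields that answer 'which cipher/hash is in use?'."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("short read: a LUKS1 header needs 592 bytes")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    if version != 1:
        raise ValueError("LUKS version %d: this parser handles version 1 only" % version)
    slots = []
    for i in range(8):
        active, iters, _s, km_off, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        slots.append({"slot": i, "state": SLOT_STATES.get(active, "CORRUPT"),
                      "iterations": iters, "offset": km_off, "stripes": stripes})
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "payload_offset": payload_off, "key_bytes": key_bytes,
            "uuid": _text(uuid), "keyslots": slots}

def build_sample_header():
    """Constructed sample (not the thread's image): aes-xts-plain64, whirlpool, slot 0 enabled."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"whirlpool", 2050, 32,
                    bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(8):  # slot offsets below are constructed values
        hdr += SLOT.pack(0x00AC71F3 if i == 0 else 0x0000DEAD,
                         50000 if i == 0 else 0, bytes(32), 8 + i * 256, 4000)
    return hdr

if __name__ == "__main__":
    import sys
    data = build_sample_header()
    if len(sys.argv) > 1:  # optional: path to an image or header backup
        with open(sys.argv[1], "rb") as f:
            data = f.read(592)
    info = parse_luks1_header(data)
    print({k: v for k, v in info.items() if k != "keyslots"})
    print([s for s in info["keyslots"] if s["state"] != "DISABLED"])
```

The reported hash and cipher names can then be compared with what the installed crypto backend and kernel provide, for example via `cryptsetup benchmark` and `/proc/crypto`.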