Can't open LUKS volume after cryptsetup resize

yejii · 2022-10-17 09:19:59

I tried to enlarge a LUKS partition, but now I can't access the partition anymore. There is no LVM involved (learned my lesson not using LVM).

My steps for the size-up where:
1. change partition table, so just let it take 100%FREE

fdisk /dev/sda

2. change mapping of luks

cryptsetup resize /dev/mapper/cryptdevice

3. check filesystem

e2fsck -f /dev/mapper/cryptdevice

4. resize filesystem inside the luks container

resize2fs /dev/mapper/cryptdevice

For whatever reason I rebooted my PC after step 2. And now I can't 'luksOpen' the partition anymore.

The running luksOpen with --debug:

>> sudo cryptsetup luksOpen --verbose --debug /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c cryptdevice
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume cryptdevice using token (any type) -1.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.47.0.
# Detected dm-crypt version 1.24.0.
# Device-mapper backend running with UDEV support enabled.
# dm status cryptdevice  [ opencount noflush ]   [16384] (*1)
No usable token is available.
# Interactive passphrase entry requested.
Enter passphrase for /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c:
# Activating volume cryptdevice [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status cryptdevice  [ opencount noflush ]   [16384] (*1)
# Keyslot 0 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c.
# Opening lock resource file /run/cryptsetup/L_8:1
# Verifying lock handle for /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c.
# Device /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c READ lock taken.
# Reusing open ro fd on device /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c
# Device /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c READ lock released.
# Verifying key from keyslot 0, digest 0.
# Loading key (64 bytes, type logon) in thread keyring.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status cryptdevice  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 7814002319 sectors (RW), offset 32768.
# DM-UUID is CRYPT-LUKS2-1e1b5177fa0e4a4c82300c6fb6000f4c-cryptdevice
# Udev cookie 0xd4dbe2d (semid 3) created
# Udev cookie 0xd4dbe2d (semid 3) incremented to 1
# Udev cookie 0xd4dbe2d (semid 3) incremented to 2
# Udev cookie 0xd4dbe2d (semid 3) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create cryptdevice CRYPT-LUKS2-1e1b5177fa0e4a4c82300c6fb6000f4c-cryptdevice [ opencount flush ]   [16384] (*1)
# dm reload   (254:0) [ opencount flush securedata ]   [16384] (*1)
device-mapper: reload ioctl on cryptdevice (254:0) failed: Invalid argument
# Udev cookie 0xd4dbe2d (semid 3) decremented to 1
# Udev cookie 0xd4dbe2d (semid 3) incremented to 2
# Udev cookie 0xd4dbe2d (semid 3) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm remove cryptdevice  [ opencount flush securedata ]   [16384] (*1)
# Uevent not generated! Calling udev_complete internally to avoid process lock-up.
# Udev cookie 0xd4dbe2d (semid 3) decremented to 1
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status cryptdevice  [ opencount noflush ]   [16384] (*1)
# Udev cookie 0xd4dbe2d (semid 3) decremented to 0
# Udev cookie 0xd4dbe2d (semid 3) waiting for zero
# Udev cookie 0xd4dbe2d (semid 3) destroyed
# Requesting keyring logon key for revoke and unlink.
# Releasing crypt device /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/disk/by-uuid/1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c.
# Unlocking memory.
Command failed with code -4 (wrong device or file specified).

The 'luksDump' of the device is as following:

LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           1e1b5177-fa0e-4a4c-8230-0c6fb6000f4c
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 4096 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  24
        Memory:     1048576
        Threads:    4
        Salt:       19 a7 fa de 84 fb f7 e2 64 e8 fa 5b 46 29 2d 70
                    34 1f 0c 4e 4e fe f7 2d 9a 7e 06 66 5b 95 d3 0a
        AF stripes: 4000
        AF hash:    sha512
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha512
        Iterations: 230355
        Salt:       8f e9 35 8d 48 c5 64 15 8d f3 81 89 9d 4e 78 fd
                    0f 3c 01 46 96 6f d9 dd 86 a4 fa 9f cc f6 6a 4d
        Digest:     f1 3b 4a 66 87 05 ac 07 a5 49 f6 eb ea bd f2 e1
                    3e 16 2e 01 62 86 09 00 87 41 a6 c9 48 8b b0 85
                    98 c9 b6 85 53 ed 40 7d e9 19 5c ec 5d c2 30 7f
                    3b ef 91 a6 43 a6 b7 2d f5 9d 1e 44 f0 b7 f2 4d

Thanks for helping out, in advance!

frostschutz · 2022-10-17 11:20:05

blockdev --getsize64 /dev/sda1? parted /dev/sda unit s print free?

your LUKS is using a sector size of 4096 bytes, the partition must be multiple of 4096 bytes

yejii · 2022-10-17 15:55:14

Results:

>> blockdev --getsize64 /dev/sda1
4000785964544

>> parted /dev/sda unit s print free
Model: ATA WDC WD40EZRZ-00W (scsi)
Disk /dev/sda: 7814037168s
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start  End          Size         File system  Name     Flags
        34s    2047s        2014s        Free Space
 1      2048s  7814037134s  7814035087s               primary

Am I correct when noting that while LUKS is using a sector size of 4096 bytes, the partition table uses 512? So those numbers don't match, which in turn means the automatic resize with 'cryptsetup resize' calculates a wrong size for the partition?

frostschutz · 2022-10-17 16:35:54

cryptsetup resize is a no-op in your use case - you only need it for online resizing

your partition is the wrong size (not multiple 4096 bytes, even an odd number of sectors in total). just fix that and you're good to go

parted /dev/sda resizepart 1 7814035455s

Last edited by frostschutz (2022-10-17 16:37:59)

yejii · 2022-10-19 12:05:35

Sorry for replying so late.

Thanks for the advice frostschutz. Everything worked out fine.

Arch Linux

#1 2022-10-17 09:19:59

Can't open LUKS volume after cryptsetup resize

#2 2022-10-17 11:20:05

Re: Can't open LUKS volume after cryptsetup resize

#3 2022-10-17 15:55:14

Re: Can't open LUKS volume after cryptsetup resize

#4 2022-10-17 16:35:54

Re: Can't open LUKS volume after cryptsetup resize

#5 2022-10-19 12:05:35

Re: Can't open LUKS volume after cryptsetup resize

Board footer