You are not logged in.

Pages: 1

#1 2024-08-22 20:46:29

folprecht
Member
Registered: 2024-08-22
Posts: 4

LUKS header accidentally destroyed

Hello. During a process of resizing a LUKS part I accidentally ran e2fsck which destroyed the LUKS part. I do have the header backed up however trying to restore it with vgcfgrestore fails saying that device with said uuid couldn't be found and volume group's PVs is missing. The part cannot be unlocked because luks Open: "...is not a valid LUKS device". luksHeaderRestore: "backup file does not contain LUKS header".

   lsblk

  NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0         7:0    0  74.2M  1 loop /run/artix/sfs/livefs
loop1         7:1    0   1.7G  1 loop /run/artix/sfs/rootfs
sdb           8:16   1   3.8G  0 disk /run/artix/bootmnt
├─sdb1        8:17   1   1.8G  0 part 
└─sdb2        8:18   1     4M  0 part 
sdc           8:32   1   1.9G  0 disk 
└─sdc1        8:33   1   1.9G  0 part /run/media/artix/C961-B4E4
nvme0n1     259:0    0 238.5G  0 disk 
├─nvme0n1p1 259:1    0 151.5G  0 part 
├─nvme0n1p2 259:2    0   300M  0 part 
└─nvme0n1p4 259:3    0  35.1G  0 part

   blkid

/dev/loop1: BLOCK_SIZE="131072" TYPE="squashfs"
/dev/nvme0n1p4: UUID="496130fe-463a-43c7-b18f-63bbf3de4dc6" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="3f489a06-d4c0-454b-b410-5d72f1760c28"
/dev/nvme0n1p2: UUID="5493-77A2" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="3c6eee50-6b9a-495e-afe8-c38fdc15f0ad"
/dev/sdb2: SEC_TYPE="msdos" LABEL_FATBOOT="ARTIX_EFI" LABEL="ARTIX_EFI" UUID="192C-23BC" BLOCK_SIZE="512" TYPE="vfat"
/dev/sdb1: BLOCK_SIZE="2048" UUID="2024-08-17-22-31-57-00" LABEL="ARTIX_202408" TYPE="iso9660"
/dev/loop0: BLOCK_SIZE="131072" TYPE="squashfs"
/dev/sdc1: UUID="C961-B4E4" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="a0871a8b-01"
/dev/nvme0n1p1: PARTUUID="ad4ebde5-ad35-446b-a957-ef0e7bb21ac0"

   vgcfgrestore -l main

  No archives found in /etc/lvm/archive.
   
  File:         /etc/lvm/backup/main
  VG name:      main
  Description:  Created *after* executing 'vgscan'
  Backup Time:  Thu Aug 22 13:39:43 2024

Backed up header:

# Generated by LVM2 version 2.03.25(2) (2024-07-12): Thu Aug 22 13:39:43 2024

contents = "Text Format Volume Group"
version = 1

description = "Created *after* executing 'vgscan'"

creation_host = "host"	# Linux host 6.10.4-hardened1-1-hardened #1 SMP PREEMPT_DYNAMIC Wed, 14 Aug 2024 17:10:25 +0000 x86_64
creation_time = 1724333983	# Thu Aug 22 13:39:43 2024

main {
	id = "N3mA2x-P5fe-MxFN-Mhwz-nblh-7wHY-ppF3s3"
	seqno = 10
	format = "lvm2"			# informational
	status = ["RESIZEABLE", "READ", "WRITE"]
	flags = []
	extent_size = 8192		# 4 Megabytes
	max_lv = 0
	max_pv = 0
	metadata_copies = 0

	physical_volumes {

		pv0 {
			id = "F2iC7h-2rCw-JHAZ-AtkZ-DwR3-Y79j-ftPyHA"
			device = "/dev/mapper/lvm"	# Hint only

			status = ["ALLOCATABLE"]
			flags = []
			dev_size = 188385280	# 89.8291 Gigabytes
			pe_start = 2048
			pe_count = 22996	# 89.8281 Gigabytes
		}
	}

	logical_volumes {

		root {
			id = "0O4ePi-eeHX-a8dL-5CWb-3ofe-iG13-EGpfbA"
			status = ["READ", "WRITE", "VISIBLE"]
			flags = []
			creation_time = 1724071046	# 2024-08-19 12:37:26 +0000
			creation_host = "artix-live"
			segment_count = 2

			segment1 {
				start_extent = 0
				extent_count = 5120	# 20 Gigabytes

				type = "striped"
				stripe_count = 1	# linear

				stripes = [
					"pv0", 0
				]
			}
			segment2 {
				start_extent = 5120
				extent_count = 1024	# 4 Gigabytes

				type = "striped"
				stripe_count = 1	# linear

				stripes = [
					"pv0", 14552
				]
			}
		}

		swap {
			id = "R3pwpP-D20X-6dYQ-zkzI-QU8H-nBTU-0eoYit"
			status = ["READ", "WRITE", "VISIBLE"]
			flags = []
			creation_time = 1724071062	# 2024-08-19 12:37:42 +0000
			creation_host = "artix-live"
			segment_count = 1

			segment1 {
				start_extent = 0
				extent_count = 2048	# 8 Gigabytes

				type = "striped"
				stripe_count = 1	# linear

				stripes = [
					"pv0", 5120
				]
			}
		}

		home {
			id = "9hmCvi-6OW3-4kk9-4lxU-ryPY-MeqB-VXbCA0"
			status = ["READ", "WRITE", "VISIBLE"]
			flags = []
			creation_time = 1724071069	# 2024-08-19 12:37:49 +0000
			creation_host = "artix-live"
			segment_count = 1

			segment1 {
				start_extent = 0
				extent_count = 7384	# 28.8438 Gigabytes

				type = "striped"
				stripe_count = 1	# linear

				stripes = [
					"pv0", 7168
				]
			}
		}

		zalo {
			id = "8z4TDn-xCky-jcVW-sVGu-k4Y7-hQjQ-aQlaxn"
			status = ["READ", "WRITE", "VISIBLE"]
			flags = []
			creation_time = 1724330594	# 2024-08-22 12:43:14 +0000
			creation_host = "artix-live"
			segment_count = 1

			segment1 {
				start_extent = 0
				extent_count = 7168	# 28 Gigabytes

				type = "striped"
				stripe_count = 1	# linear

				stripes = [
					"pv0", 15576
				]
			}
		}
	}

}

Last edited by folprecht (2024-08-22 20:47:41)

Offline

#2 2024-08-23 07:14:53

folprecht
Member
Registered: 2024-08-22
Posts: 4

Re: LUKS header accidentally destroyed

Does anyone know how to restore it to a working state? I've just finished a lengthy installation process.

Offline

#3 2024-08-23 08:29:35

frostschutz
Member
Registered: 2013-11-15
Posts: 1,471

Re: LUKS header accidentally destroyed

The "header" you posted is not a LUKS header but LVM metadata. And if I read the LVM metadata correctly, it describes a physical volume "/dev/mapper/lvm" which is presumably a LUKS device, so you were using LVM inside LUKS. But to get to this LVM you have to open LUKS first and for that, you need an intact LUKS header.

I wrote a guide on cryptsetup repair (for partially damaged LUKS2 headers) over here: https://unix.stackexchange.com/a/741850/30851 - if it can be salvaged at all, then this is it.

Otherwise you need a full backup of the LUKS header.

Without LUKS it's game over.

Offline

#4 2024-08-23 15:27:18

folprecht
Member
Registered: 2024-08-22
Posts: 4

Re: LUKS header accidentally destroyed

frostschutz wrote:

The "header" you posted is not a LUKS header but LVM metadata. And if I read the LVM metadata correctly, it describes a physical volume "/dev/mapper/lvm" which is presumably a LUKS device, so you were using LVM inside LUKS. But to get to this LVM you have to open LUKS first and for that, you need an intact LUKS header.

I wrote a guide on cryptsetup repair (for partially damaged LUKS2 headers) over here: https://unix.stackexchange.com/a/741850/30851 - if it can be salvaged at all, then this is it.

Otherwise you need a full backup of the LUKS header.

Without LUKS it's game over.

Yes, I believe it is a LVM inside LUKS. The installation procedure I followed underscored the importance of making a backup of /etc/lvm/backup, without a guide on how to restore it if needed (nor did it mention that LVM backup is worthless when the containing LUKS is damaged).

I did come across your extensive and detailed guide part I & II when troubleshooting this. Part I failed somewhere around "cryptsetup repair" or "cryptsetup luksDump" part for not being recognized as LUKS. Part II failed in the first step already (truncate) because the partition is rather large so I ran it on /dev/nvme0n1p1 instead of creating .img first. Then step "parted /dev/loop0 -- mkpart luks $((RANDOM%100))MiB 100%" failed saying: 

parted: invalid token: luks
New disk label type?

Any way out of this? (If not and the partition is screwed, how do I create and eventually restore the LUKS header for future reference?)

Offline

#5 2024-08-23 16:11:49

kermit63
Member
Registered: 2018-07-04
Posts: 254

Re: LUKS header accidentally destroyed

LUKS header backup and restore

Never argue with an idiot, they will drag you down to their level and then beat you with experience.
It is better to light a candle than curse the darkness.
A journey of a thousand miles begins with a single step.

Offline

#6 2024-08-23 16:45:18

frostschutz
Member
Registered: 2013-11-15
Posts: 1,471

Re: LUKS header accidentally destroyed

folprecht wrote:

Part II failed in the first step already (truncate) because the partition is rather large so I ran it on /dev/nvme0n1p1 instead of creating .img first. Then step "parted /dev/loop0 -- mkpart luks $((RANDOM%100))MiB 100%" failed saying:

The guide creates a sample file to demonstrate the idea or to exercise on. None of these commands should be run on your actual partitions, or you'll just damage it even further. Sorry, if this was not obvious. I'll try to edit it...

Offline

#7 2024-08-23 21:02:19

folprecht
Member
Registered: 2024-08-22
Posts: 4

Re: LUKS header accidentally destroyed

frostschutz wrote:
folprecht wrote:

Part II failed in the first step already (truncate) because the partition is rather large so I ran it on /dev/nvme0n1p1 instead of creating .img first. Then step "parted /dev/loop0 -- mkpart luks $((RANDOM%100))MiB 100%" failed saying:

The guide creates a sample file to demonstrate the idea or to exercise on. None of these commands should be run on your actual partitions, or you'll just damage it even further. Sorry, if this was not obvious. I'll try to edit it...

Well it was a freshly (but painstakingly) installed system. No personal data there. I guess I'll start over then.  *sigh*

Offline

Pages: 1

Board footer

Powered by FluxBB