I encrypted my disk with LUKS2, and I added some TPM2 tokens.
I reinstalled the OS and cleared my TPM keys.
And when I try to decrypt my storage, I get this error:
cryptsetup luksOpen /dev/sdb1 other
WARNING:esys:src/tss2-esys/api/Esys_Load.c:324:Esys_Load_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Load.c:112:Esys_Load() Esys Finish ErrorCode (0x000001df)
Failed to unseal secret using TPM2:
No key available with this passphrase
My header dump:
LUKS header information
Version: 2
Epoch: 22
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: e6d2c3ba-2101-40a8-ade3-3a5589420119
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 4096 [bytes]
Keyslots:
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: pbkdf2
Hash: sha512
Iterations: 1000
Salt: c7 9c dc 8b 12 88 6e 74 6f 22 07 50 e9 60 87 76
62 a7 a1 96 08 94 be c2 0b e9 9a 2b fe 1b 1b 3f
AF stripes: 4000
AF hash: sha512
Area offset:290816 [bytes]
Area length:258048 [bytes]
Digest ID: 0
2: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: pbkdf2
Hash: sha512
Iterations: 1000
Salt: 2c 49 60 d1 91 81 5b 72 1e e5 18 d2 4a b0 18 f5
42 69 d5 26 48 f1 d4 1a d0 66 6f 95 d9 4e 4c 66
AF stripes: 4000
AF hash: sha512
Area offset:548864 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
0: systemd-tpm2
tpm2-hash-pcrs: 7
tpm2-pcr-bank: sha256
tpm2-pubkey:
(null)
tpm2-pubkey-pcrs:
tpm2-primary-alg: ecc
tpm2-pin: false
tpm2-pcrlock: false
tpm2-salt: false
tpm2-srk: true
tpm2-pcrlock-nv: false
tpm2-policy-hash:
33 47 81 3b d3 e1 70 a6 79 d2 a6 3f 94 79 2e 32
77 d7 54 ad 46 8a 22 e1 5d c5 8f f7 a4 8a 44 72
tpm2-blob: 00 9e 00 20 30 51 87 cf a4 e5 22 84 fd 50 b9 f5
e7 f9 c7 63 5c 52 d5 26 0b 10 5c 07 d5 37 25 12
7f 33 23 fe 00 10 a4 da e2 3c b2 a5 fb 36 e4 83
2a ee 7c d7 f2 64 77 4a 63 91 20 d2 94 2b e1 bc
d2 de 87 f5 5f 1c db 95 2b 64 14 5a c2 0e c9 b2
ea 16 2f 68 66 fc 35 ea a9 ee 9a 44 e0 aa c3 51
7c 81 e6 72 7d 6a 66 b0 1d 12 6e f2 c6 bc 66 a6
73 a4 f2 8f b7 9b a0 7c c1 f5 55 b6 43 26 56 ff
0e 03 d5 51 97 d7 fc 84 7e 25 f1 a0 b2 c0 a4 60
b5 bf 3e 1d 70 9d d2 8c 31 9d 38 e7 9a 94 4c 53
00 4e 00 08 00 0b 00 00 04 12 00 20 33 47 81 3b
d3 e1 70 a6 79 d2 a6 3f 94 79 2e 32 77 d7 54 ad
46 8a 22 e1 5d c5 8f f7 a4 8a 44 72 00 10 00 20
40 e3 72 fd 66 08 6e ba 2b 9a 80 e0 6d cd 82 6b
7d 81 e3 47 dc f5 29 64 5e 60 43 6e 1d fc a7 1b
Keyslot: 1
1: systemd-tpm2
tpm2-hash-pcrs: 7
tpm2-pcr-bank: sha256
tpm2-pubkey:
(null)
tpm2-pubkey-pcrs:
tpm2-primary-alg: ecc
tpm2-pin: false
tpm2-pcrlock: false
tpm2-salt: false
tpm2-srk: true
tpm2-pcrlock-nv: false
tpm2-policy-hash:
b1 61 b4 69 28 35 1f 67 64 9c 5a c9 66 b5 22 ae
b5 06 81 3d fc e5 16 76 5b 37 03 61 ff 5d dd 7b
tpm2-blob: 00 9e 00 20 85 a0 b7 bd e0 bb dd c8 7d 7c b5 79
07 a8 50 f7 18 37 5e cf a5 d0 46 a4 69 48 91 91
ee 46 04 32 00 10 76 35 42 ec 4e ab 1b f9 ee af
6a 8f b8 7f d9 c4 3e c8 6a 52 c5 5c c0 d1 d7 63
39 d0 53 4e dc 09 7f c3 89 92 a3 85 35 13 28 93
90 fd c6 fe c0 ac 47 57 99 3e 1f 59 f0 c8 9b ed
0c dd 7d f0 88 87 c8 33 d7 79 42 05 c9 f7 4d f7
af ac bc 1e f2 7b d4 fa 7e ed e5 44 78 85 85 a7
cf b0 0c fe 6c 1d 4f 98 54 19 e6 bb 49 5f 8a 73
4d a2 7c c8 af 4b 72 8f 60 99 ad 98 3d ec 57 4f
00 4e 00 08 00 0b 00 00 04 12 00 20 b1 61 b4 69
28 35 1f 67 64 9c 5a c9 66 b5 22 ae b5 06 81 3d
fc e5 16 76 5b 37 03 61 ff 5d dd 7b 00 10 00 20
51 8f 8d 22 ce 49 e8 7b 4b 74 fb 3d 3a 72 f4 15
33 3b 7c 30 f5 1e 28 e2 74 3c 97 ad 5f d2 7a af
Keyslot: 2
Digests:
0: pbkdf2
Hash: sha256
Iterations: 366122
Salt: 8e b0 ef 6f ae 7b 7b 54 98 c2 8f 11 f5 69 80 4b
80 f0 ab d5 3e d5 75 bc 60 5e 84 04 c1 a1 1f 42
Digest: fc c0 de d1 b3 30 0f b0 d1 27 72 ca e8 bf ac eb
9c 10 c4 1f 30 bf 35 c3 09 30 41 27 11 cb 44 49
I also found a header in hex; maybe it's from this partition, or maybe from a previous encryption:
LUKSºŸ@sha256¿CÖé/É1¯ç ]gŸD»þÊhøòRj+NyÆèÃÒË*,Aóp·9©
DÍGÒŒM ßAšuÔ51562be4-5f96-49ca-8903-5775611f355fqgÈ^~ø+!ål~ÖaYêõ]Â%®€Ï@¡ï
{
"keyslots":{
"0":{
"type":"luks2",
"key_size":64,
"af":{
"type":"luks1",
"stripes":4000,
"hash":"sha256"
},
"area":{
"type":"raw",
"offset":"32768",
"size":"258048",
"encryption":"aes-xts-plain64",
"key_size":64
},
"kdf":{
"type":"argon2id",
"time":15,
"memory":1048576,
"cpus":4,
"salt":"f/d3WeyHtKoZ5FKuy0R1+k6XAMeJrFbfJIo6H5o/yqA="
}
}
},
"tokens":{
},
"segments":{
"0":{
"type":"crypt",
"offset":"16780288",
"size":"dynamic",
"iv_tweak":"0",
"encryption":"aes-xts-plain64",
"sector_size":512
}
},
"digests":{
"0":{
"type":"pbkdf2",
"keyslots":[
"0"
],
"segments":[
"0"
],
"hash":"sha256",
"iterations":344926,
"salt":"65kQEQm6EpxpzZVCimqDPLmpH9+gXh4O5LHHmRk43cU=",
"digest":"q4xTmdg9JRBQODDn0rZqFq3NA2W5Shujd2BC0lEx7uY="
}
},
"config":{
"json_size":"12288",
"keyslots_size":"16744448"
}
}
Also, I tried to restore my TPM, but an AI told me that it is unrealistic to restore the TPM, even if I have the old PCR values.
I don't have backups. I'm sure I remember my passphrase. My last hope is to try to restore this second header that I have in hex.
Last edited by lazydid (2025-01-18 15:12:37)
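One way to check whether a LUKS2 header found in a raw dump belongs to the current device, as an added example that is not part of the original post: it parses the binary header and JSON area, verifies the header checksum, and lists the fields that differ from the luksDump values quoted above. The function names, the `LIVE` dictionary and the header produced by `build_sample()` are constructed for illustration; only the UUIDs, offsets, sector sizes and JSON size come from the post.

```python
import hashlib, json, struct

# First 264 bytes of the LUKS2 binary header, big-endian: magic, version,
# hdr_size, seqid, label, checksum_alg, salt, uuid, subsystem, hdr_offset.
HDR = struct.Struct(">6sHQQ48s32s64s40s48sQ")
BIN_LEN, CSUM_OFF, CSUM_LEN = 4096, 448, 64

def cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks2(blob):
    """Parse one header copy (binary header + JSON area) from raw bytes."""
    magic, version, hdr_size, seqid, _, alg, _, uuid, _, _ = HDR.unpack_from(blob)
    if magic not in (b"LUKS\xba\xbe", b"SKUL\xba\xbe") or version != 2:
        raise ValueError("not a LUKS2 header")
    if not BIN_LEN < hdr_size <= len(blob):
        raise ValueError("header truncated or hdr_size invalid")
    # The checksum covers the binary header with the csum field zeroed,
    # followed by the whole JSON area.
    zeroed = blob[:CSUM_OFF] + bytes(CSUM_LEN) + blob[CSUM_OFF + CSUM_LEN:BIN_LEN]
    h = hashlib.new(cstr(alg), zeroed + blob[BIN_LEN:hdr_size])
    meta = json.loads(cstr(blob[BIN_LEN:hdr_size]))
    seg = meta["segments"]["0"]
    return {
        "uuid": cstr(uuid), "epoch": seqid,
        "checksum_ok": h.digest() == blob[CSUM_OFF:CSUM_OFF + h.digest_size],
        "data_offset": int(seg["offset"]), "sector_size": seg["sector_size"],
        "keyslots": {k: v["kdf"]["type"] for k, v in meta["keyslots"].items()},
        "tokens": sorted(meta.get("tokens", {})),
    }

def differences(found, live):
    """Fields where the found header disagrees with the device's current one."""
    return {k: (found[k], live[k]) for k in live if found[k] != live[k]}

# Values copied from the luksDump output in the post.
LIVE = {"uuid": "e6d2c3ba-2101-40a8-ade3-3a5589420119",
        "data_offset": 16777216, "sector_size": 4096}

def build_sample():
    """Constructed header copy carrying the JSON values quoted in the post."""
    meta = {"keyslots": {"0": {"kdf": {"type": "argon2id"}}}, "tokens": {},
            "segments": {"0": {"offset": "16780288", "sector_size": 512}}}
    js = json.dumps(meta).encode().ljust(12288, b"\0")
    hdr = HDR.pack(b"LUKS\xba\xbe", 2, 16384, 1, b"", b"sha256", bytes(64),
                   b"51562be4-5f96-49ca-8903-5775611f355f", b"", 0)
    hdr = hdr.ljust(BIN_LEN, b"\0")
    csum = hashlib.sha256(hdr + js).digest()
    return hdr[:CSUM_OFF] + csum + hdr[CSUM_OFF + len(csum):] + js
```

`differences(parse_luks2(build_sample()), LIVE)` reports the UUID, data offset and sector size as differing, which is the comparison to make before treating a found header as a candidate for this device.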