[dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.

Aleksander Swirski aleksanderswirski at gmail.com
Mon Oct 31 01:30:54 CET 2011


I'm pretty sure this warning is only displayed when someone decides to
create new crypto on some partition or fill encrypted device with random
data in the next step after setting the password. but just setting the
password on an existing device makes data unusable without warning. when
the partitioning is finished there is a list of partitions that will be
wiped out, and also, during my installation crypto-deviced and /home inside
LVM was not listed there, but already lost few clicks earlier.

i understand that it wasn't taken into consideration that someone can
attach existing encrypted device, but only that a new one will be created.
this is inconsistent with how it goes with unencrypted partitions, where
you can reattach them without formatting and keep your data. so i guess
with encrypted partition this should also work that way. or maybe i miss
the point? i will try to make the whole scenario clear, and then send my
proposition, to debian-boot at lists.debian.org

On 30 October 2011 23:25, Jonas Meurer <jonas at freesources.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Aleksander,
>
> Am 30.10.2011 19:56, schrieb Aleksander Swirski:
> > I will also try to push this info to the debian devs. I'm not sure
> > how to do that properly (hint appreciated). I know, that the route
> > of installation I took is not a common one, but a simple warning
> > would suffice to avoid this kind of trouble. After all my encrypted
> > LVM and specifically the /home partition within LVM wasn't listed
> > among those, which are to be erased at any point during the
> > installation. (I marked them with - K - keep the data)
>
> I guess that you selected to configure the device which contained the
> LVM volume group as new encrypted device. Then you where asked for the
> new passphrase twice, and a new LUKS header was written to the device,
> overwriting the old LUKS header. That way you shredded all the
> encrypted data on that device, regardless what it was.
>
> The partitions you marked as "keep the data" weren't overwritten, just
> the LUKS header of underlying device was overwritten.
>
> I agree, that a warning in the Debian Installer is a good idea, but to
> be honest, there's already a big fat warning:
>
> > _Description: Really erase the data on ${DEVICE}? The data on
> > ${DEVICE} will be overwritten with random data. It can no longer be
> > recovered after this step has completed. This is the last
> > opportunity to abort the erase.
>
> (from
>
> http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates
> )
>
> If you like to propose changes to the (warnings in the) process of
> configuring encrypted volumes during installation of Debian, feel free
> to discuss this on debian-boot at lists.debian.org. You might as well
> take a look at the following page:
> http://wiki.debian.org/DebianInstaller/PartmanCrypto
>
> Greetings,
>  jonas
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJOrc7tAAoJEFJi5/9JEEn+bo4P/0vX3AxnpXzWO3NUvYW2wh6H
> k7v8Dhx6Rw5HXttHuF8JSypkvcHuLfWyGLq0J4qlsw4GvK/cPtwdCuSe//uJvqSB
> 4Z6qj55E/3/M+aEBMzT9oBeZ5DVGPp0+76VWFNijGzHYMoT4YYm0pZBsmfZ7U2RJ
> +7xFyGP0d7oXJIqoW8aUyufgdYnRNdcZdJtY27XHgKW1m9ytllIuK0h7hl410/L0
> vy2t4IqSlO5Uko1/bOf3FETNkBRTUl4T2jWMP3dEpNMRobB1ZH5I5menXWSwzgR9
> c2QWRkwQ8iUsAdakofnl9O1jhtw3Z9MKxHQbnxh32oNuS5Aaf5xxfiI7jXf3yY/L
> GUKyIOa5nGtNtwUt4l0RTJAKoyY2J2KtBJm+JL51tQ3q/iyZsfRLVmyczlkzKUhj
> vMKgSzhV8/IyQ/snqftAMqmRXYgaOE3qDCe8MR+EChIFwX2Zr+eRWdRzVFDjQ0kP
> Cyc6Yw3TrthD8GuWWxU93tE3YMVxgI76+lDk/LBLZjviMTEfkR5e+gmuoff+Xdta
> aBYek7loOjkqb+gJ6qeqAKuDLAZnw/BmHfgpYQpatdSeiV6jpGPkGMbYTwDHLlXR
> rE72FJe1emdcDWQ6TE8SP+6KW22HirBPD5q6DPqJ2Oxcxx+AotXeLvDpnhd9S5b2
> fDNHacCUklPyCeH81nsH
> =PLsS
> -----END PGP SIGNATURE-----
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20111031/774b9ce4/attachment.html>


More information about the dm-crypt mailing list