[dm-crypt] cryptsetup luksClose

Milan Broz mbroz at redhat.com
Tue Jan 17 09:50:56 CET 2012


On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
> I am setting up an external USB encrypted drive. I can mount it
> manually after I boot the computer. I understand that I must
> issue the 'cryptsetup luksClose' after I umount the disk. How do
> I arrange for this as part of the Debian halt process so it
> happens automatically when the server is shut down?

It is not cryptsetup's job; it should be part of initscripts/systemd
to correctly unmap active devices on shutdown.
(Usually it tries to unmap all crypto disks except the device
with the root fs, which is just remounted read-only. Recent systemd is able
to unmount even the root device properly.)

For hot-plugged disks it is usually handled by some GUI service,
usually based on udisks.

> What happens
> if there is a power failure and 'cryptsetup luksClose' was not
> executed?

For LUKS, no need to worry after power failure - luksClose
just removes the kernel mapping (kernel state); it doesn't touch
on-disk metadata at all.
(Of course there can be some filesystem damage after power failure,
but that's not LUKS related, it can happen even for unencrypted fs.)

Milan
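
The teardown order described above (unmount, then unmap every crypt device except the one holding the root fs, which is only remounted read-only), as an added example that is not part of the original post and is not Debian's or systemd's own shutdown code. It only prints the commands; the function name `plan_teardown` and both sample inputs are constructed, and it assumes each filesystem sits directly on its mapping (no LVM layer in between).

```shell
#!/bin/sh
# Added illustration: plan the shutdown-time teardown of dm-crypt mappings.
# Dry run only: the commands are printed, never executed.

# Constructed sample shaped like `dmsetup ls --target crypt` output
# (mapping name, then major/minor; only the first field is used).
SAMPLE_DMSETUP='usb_backup (254, 3)
sda2_crypt (254, 0)'

# Constructed sample shaped like `findmnt -rn -o SOURCE,TARGET` output.
SAMPLE_MOUNTS='/dev/mapper/sda2_crypt /
/dev/mapper/usb_backup /mnt/backup
/dev/sda1 /boot'

# plan_teardown DMSETUP_OUTPUT MOUNT_TABLE
# The mapping that holds / is only remounted read-only; every other
# mapping is unmounted (if mounted) and then unmapped with luksClose.
plan_teardown() {
    printf '%s\n' "$1" | while read -r name rest; do
        # Skip blank lines and the message dmsetup prints when nothing is mapped.
        if [ -z "$name" ] || [ "$name $rest" = "No devices found" ]; then
            continue
        fi
        dev="/dev/mapper/$name"
        # Look up where (if anywhere) this mapping is mounted.
        target=$(printf '%s\n' "$2" | awk -v d="$dev" '$1 == d { print $2; exit }')
        if [ "$target" = "/" ]; then
            echo "mount -o remount,ro /"
            continue
        fi
        if [ -n "$target" ]; then
            echo "umount $target"
        fi
        # luksClose removes only the kernel mapping; on-disk metadata is untouched.
        echo "cryptsetup luksClose $name"
    done
}

# On a live system the inputs would come from the real tools, for example:
#   plan_teardown "$(dmsetup ls --target crypt)" "$(findmnt -rn -o SOURCE,TARGET)"
```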

