[dm-crypt] cryptsetup luksClose
Marc Schwarzschild
ms at TheBrookhavenGroup.com
Tue Jan 17 22:31:16 CET 2012
Thank you. I gather from this that I can safely halt or reboot
while a disk is mounted, right?
--- January 17, 2012 Milan Broz sent: ---
On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
> I am setting up an external USB encrypted drive. I can mount it
> manually after I boot the computer. I understand that I must
> issue the 'cryptsetup luksClose' after I umount the disk. How do
> I arrange for this as part of the Debian halt process so it
> happens automatically when the server is shutdown?
It is not cryptsetup job, it should be part of initscripts/systemd
to correctly unmap active devices on shutdown.
(Usually it tries to unmap all crypto disks except device
with root fs which is just remounted read-only. Recent systemd is able
to unmouteven root device properly.)
For hot-plugged disks it is usually handled by some GUI service,
usually based on udisks.
> What happens
> if there is a power failure and 'cryptsetup luksClose' was not
> executed?
For LUKS, no need to worry after power failure - luksClose
just remove kernel mapping (kernel state) it doesn't touch
on-disk metadata at all.
(Of course there can be some filesystem damage after power failure,
but that's not LUKS related, it can happen even for unencrypted fs.)
Milan
--
_________________________________________________________
Marc Schwarzschild 212-580-1175 The Brookhaven Group, LLC
More information about the dm-crypt
mailing list