[dm-crypt] cryptsetup luksClose

Marc Schwarzschild ms at TheBrookhavenGroup.com
Tue Jan 17 22:31:16 CET 2012


Thank you.  I gather from this that I can safely halt or reboot
while a disk is mounted, right?

--- January 17, 2012 Milan Broz sent: ---

  On 01/16/2012 03:48 PM, Marc Schwarzschild wrote:
  > I am setting up an external USB encrypted drive. I can mount it
  > manually after I boot the computer. I understand that I must
  > issue the 'cryptsetup luksClose' after I umount the disk. How do
  > I arrange for this as part of the Debian halt process so it
  > happens automatically when the server is shutdown?
  
  It is not cryptsetup job, it should be part of initscripts/systemd
  to correctly unmap active devices on shutdown.
  (Usually it tries to unmap all crypto disks except device
  with root fs which is just remounted read-only. Recent systemd is able
  to unmouteven root device properly.)
  
  For hot-plugged disks it is usually handled by some GUI service,
  usually based on udisks.
  
  > What happens
  > if there is a power failure and 'cryptsetup luksClose' was not
  > executed?
  
  For LUKS, no need to worry after power failure - luksClose
  just remove kernel mapping (kernel state) it doesn't touch
  on-disk metadata at all.
  (Of course there can be some filesystem damage after power failure,
  but that's not LUKS related, it can happen even for unencrypted fs.)
  
  Milan

-- 

_________________________________________________________
Marc Schwarzschild 212-580-1175 The Brookhaven Group, LLC


More information about the dm-crypt mailing list