[dm-crypt] LUKS backup headers for recovery

Two Spirit twospirit6905 at gmail.com
Thu Jul 19 20:36:53 CEST 2012


Hello world,

I'm a heavy believer in the backup mantra "2 is 1 and 1 is none", and start
to feel comfortable when I have 3. Luckily I had backups to handle my
recent data loss with LUKS, but I had to suffer a long restore time as the
capacities get larger.

Are there backup headers/superblocks/metadata (whatever you call it) within
the LUKS container so that if the header
is somehow corrupt, I can utilize the backup copy from within the container
like file systems have. (I understand there is still a question
of pre-decryption / post decryption. Since these are usually long running
file servers, I've found lots of discussions about passphrase recovery
while the systems are still running and not luksClosed). I did google
around for LUKS recovery procedures, but there were lots of bad long
involved processes out there that didn't work or I couldn't get to work.

I now see the  luksHeaderBackup and luksHeaderRestore commands.(My excuse
is that I don't recall them when I first learned about cryptsetup many
years ago.) but it sounds like I have (or some sysadmin has) to make my own
backups of this information else if I don't, I'm screwed if I get
corruption in the LUKS header so it is almost a mandatory procedure --
something I think lot of people would also not have done.

Yes, I have seen a seasoned sysadmin run #rm -rf * from root on a
production server, so I could forsee someone doing something to mess up the
LUKS headers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20120719/d6e9af61/attachment.html>


More information about the dm-crypt mailing list