[dm-crypt] After reboot: "Command failed with code 22: Device /dev/md2 is not a valid LUKS device."

Jens-Michael Hoffmann jmho at jmho.de
Tue Apr 23 18:08:21 CEST 2013


Am Dienstag, 23. April 2013, 17:52:13 schrieb Arno Wagner:
> On Tue, Apr 23, 2013 at 05:13:57PM +0200, Jens-Michael Hoffmann wrote:
> > hello,
> > 
> > the LUKS device in question was setup on top of a raid6 (/dev/md2)
> > consisting of 6 partitions (1.8TB each).
> > 
> > The LUKS device was created with
> > 
> > cryptsetup --verbose --cipher=aes-xts-plain64 --key-size=256 --verify-
> > passphrase luksFormat /dev/md2
> 
> Ok.
> 
> > Then it was opened with (probably, what I could tell from history):
> > 
> > cryptsetup -v create md2_crypt /dev/md2
> 
> That puts a plain dm-crypt mapping on top of the LUKS device.
> Open a LUKS device with "luksOpen" not with "create".
> 
> > and a XFS filesystem was created on top of it.
> 
> That now is in the plain dm-crypt container and likely
> did damage the LUKS container created before.
> 
> > I put some files on the filesystem which all seemed to work.
> > After the first reboot, the array was assembled correctly, but I could not
> > create the crypt mapping anymore:
> > 
> > root at babylon5:~# LANG=C cryptsetup -v --debug isLuks /dev/md2
> > # cryptsetup 1.4.3 processing "cryptsetup -v --debug isLuks /dev/md2"
> > # Running command isLuks.
> > # Allocating crypt device /dev/md2 context.
> > # Trying to open and read device /dev/md2.
> > # Initialising device-mapper backend, UDEV is enabled.
> > # Detected dm-crypt version 1.12.1, dm-ioctl version 4.23.1.
> > # Trying to load LUKS1 crypt type from device /dev/md2.
> > # Crypto backend (gcrypt 1.5.0) initialized.
> > # Reading LUKS header of size 1024 from device /dev/md2
> > # LUKS header not detected.
> > Device /dev/md2 is not a valid LUKS device.
> > # Releasing crypt device /dev/md2 context.
> > # Releasing device-mapper backend.
> > Command failed with code 22: Device /dev/md2 is not a valid LUKS device.
> 
> Likely something you wrtoe to the plain mapping overwrote
> the LUKS header. Open it as plain to access it.
> 
> > The data I put there was not overly important, but still it would be
> > nice if it would not be all lost.
> > 
> > Is there anything I can try? (I did not yet try cryptsetup --repair)
> 
> Don't try that. Your data is in a plain dm-crypt container,
> not in the LUKS container that was damaged. Just open it
> with "create" again. ("create" does not write anything to disk.
> IT just creates the plain mapping. No data is written to disk
> as a plain mapping does not have metadata.)

Many thanks!

"cryptsetup -v create md2_crypt /dev/md2" indeed successfully created the 
mapping and I could mount the filesystem.

Just out of curiosity: Is the cipher and key size combination (aes-xts-
plain64, 256 bit) the default or why did I have not to specify it to create 
the mapping? (IIUC the metadata of plain mappings is not stored?)


kind regards,
Jens-Michael



More information about the dm-crypt mailing list