[dm-crypt] Tcrypt hidden volume

Milan Broz gmazyland at gmail.com
Mon Jul 1 21:17:03 CEST 2013


On 1.7.2013 12:33, Jan Janssen wrote:
> Hi,
>
> while testing how the tcrypt passphrase + keyfile logic works, I
> realized that there doesn't seem to be a way to protect the hidden
> volume from being damaged by writes to a mounted outer volume like
> truecrypt does. I think this deserves a warning in the man page
> since this is a potential data loss.

Yes, you are right. There is no protection of hidden volume once
outer volume is mounted.
(BTW the protection itself reveals hidden volume existence.)

Protection can be done on DM (kernel level) quite easily
(map this linear part to virtual zero or error target masking
out the data underneath) but it would require quite big changes
in cryptsetup wrapper (which was meant to be simple 1:1 mapping).
So I decided to ignore this problem for now...

But yes, there should be some note in man page.

Milan


More information about the dm-crypt mailing list