[dm-crypt] Truecrypt system partition support

Milan Broz gmazyland at gmail.com
Mon Jun 24 07:48:44 CEST 2013


On 23.6.2013 23:06, Jan Janssen wrote:
> On 06/23/2013 05:33 PM, Milan Broz wrote:
>> Hi,
>>
>> The shared device for system encryption is fixed in devel git
>> http://code.google.com/p/cryptsetup/source/detail?r=a36de633d50d1e047cf5c0c3bc5e4d16a411fb62#
>>
>> Please let me know if there is any other problem.
> 
> Still can't open it :(
> 
>     # sudo cryptsetup --tcrypt-system tcryptOpen /dev/sda windows
>     device-mapper: reload ioctl on  failed: Invalid argument
> 
> The journal has some additional information:
> kernel: device-mapper: table: 254:1: crypt: Device lookup failed
> kernel: device-mapper: ioctl: error adding target to table

Hm, seems like completely different problem. 
I cannot check whats going on without more information here, ideally
- cryptsetup output with --debug switch
- tcryptDump (mainly offsets and data sizes stored there)
- exact sizes of partitions (fdils -l -u, blockdev --getsz /dev/sda* or so)

(but please note it will provide some info which is hidden, do not send it
if it is problem :-)

Ideally I would like to reproduce it, for my encrypted VM on partition
it works.
How did you create this config? ANy manipulations with apartitions after
system reencryption?

> 
> Also, something's off about the --key-file option with tcrypt. I can't
> get it to accept my password from the file. But if I pipe it with cat
> to stdin it works. Maybe it's supposed to be this way, but then I think
> it needs extra mention in the manpage. And maybe there should be a way
> to provide a --passphrase-file option or something along those lines
> if the current handling is different to how its handled for luks.

So you are not using Truecrypt keyfile but just passphrase in file,
so pipe is the correct way. I thought it is explained in man page
but if not, it need some care. If you have some idea how to describe
it betrer, just send me a patch.
(And adding more otpion will cause even more chaos here :)

Thanks,
Milan


More information about the dm-crypt mailing list