[dm-crypt] Truecrypt system partition support

Jan Janssen medhefgo at web.de
Mon Jun 24 15:55:16 CEST 2013


On 06/24/2013 07:48 AM, Milan Broz wrote:
> Hm, seems like completely different problem.
> I cannot check what's going on without more information here, ideally
> - cryptsetup output with --debug switch
> - tcryptDump (mainly offsets and data sizes stored there)
> - exact sizes of partitions (fdisk -l -u, blockdev --getsz /dev/sda* or so)
>
> (but please note it will provide some info which is hidden, do not send it
> if it is a problem :-)

Hi,

here's the info. The open log is attached.

TCRYPT header information for /dev/sda
Version:        5
Driver req.:    7
Sector size:    512
MK offset:      106928640
PBKDF2 hash:    ripemd160
Cipher chain:   aes
Cipher mode:    xts-plain64
MK bits:        512

# for i in /dev/sda*; do echo -n "$i: "; sudo blockdev --getsz $i; done
/dev/sda: 120103200
/dev/sda1: 208782
/dev/sda2: 62701695
/dev/sda3: 57192660

# fdisk -l -u
Disk /dev/sda: 61.5 GB, 61492838400 bytes, 120103200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000bfd29

    Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      208844      104391   83  Linux
/dev/sda2   *      208845    62910539    31350847+   7  HPFS/NTFS/exFAT
/dev/sda3        62910540   120103199    28596330   83  Linux

> Ideally I would like to reproduce it, for my encrypted VM on partition
> it works.
> How did you create this config? Any manipulations with partitions after
> system reencryption?

I did nothing peculiar to the system. Created the layout with gparted. I
did install grub2, but it also didn't work with the truecrypt bootloader.

>>
>> Also, something's off about the --key-file option with tcrypt. I can't
>> get it to accept my password from the file. But if I pipe it with cat
>> to stdin it works. Maybe it's supposed to be this way, but then I think
>> it needs extra mention in the manpage. And maybe there should be a way
>> to provide a --passphrase-file option or something along those lines
>> if the current handling is different to how it's handled for luks.
>
> So you are not using Truecrypt keyfile but just passphrase in file,
> so pipe is the correct way. I thought it is explained in man page
> but if not, it needs some care. If you have some idea how to describe
> it better, just send me a patch.
> (And adding more options will cause even more chaos here :)

After re-reading it's a little clearer now. I still miss a way to
supply the passphrase in a file without resorting to piping it to stdin.
It's not an issue for luks since it allows passphrases and keyfiles
together, but truecrypt doesn't allow keyfiles in system mode.

Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcrypt-open.log
Type: text/x-log
Size: 3750 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20130624/65063847/attachment.bin>

