[dm-crypt] question

Arno Wagner arno at wagner.name
Sat Dec 13 01:21:03 CET 2014


On Fri, Dec 12, 2014 at 13:59:10 CET, Matthias Schniedermeyer wrote:
> On 12.12.2014 13:11, Arno Wagner wrote:
> > On Thu, Dec 11, 2014 at 23:04:53 CET, Matthias Schniedermeyer wrote:
> > > On 11.12.2014 18:30, Sayler, Craig A. (AFRC-MI)[InuTeq, LLC] wrote:
> > > > Is there a way to decrypt a drive permanently without reinstalling?
> > > 
> > > Yes.
> > > 
> > > But the much safer way is:
> > > Backup, make a new filesystem on the previous backing-device & Restore 
> > > from backup.
> > > 
> > > 
> > > The unsafe(!) 'inplace' method (that as an advantage doesn't need 
> > > additional storage):
> > > Just open the container normally, 'dd' the mapped container over the 
> > > backing device and pray that process isn't interrupted. Because it will 
> > > be a huge PITA if it gets interrupted.
> > > 
> > > 
> > > But don't risk it, Backup & Restore is the way this should be done.
> > 
> > Interesting approach! Should work though. But you are right that this
> > is very high risk.
> 
> Standard Unix methodology, I would say.

Not really, as you are accessing the same block device once 
directly and once through the dm-layer encryption at the same
time. Things like buffers become critical. For example, if any
buffer for a change of the original state is flushed with 
a delay, things can get very messy and very broken. But if
the thing is not mounted, there should not be any longer-lived 
buffers and hence it should work.

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
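
The interruption risk discussed in this thread, as an added toy model (not code from the posters or from cryptsetup). It assumes a header of HDR blocks sits in front of the ciphertext on the backing device and uses XOR as a stand-in for the real cipher; all names and values are constructed for the illustration.

```python
# Toy model of copying the mapped (decrypted) device over its own backing device.
# Assumptions, not from the thread: HDR header blocks precede the ciphertext,
# and XOR with a fixed byte stands in for the real cipher.
BLOCK = 4    # bytes per block (tiny, for readability)
HDR = 2      # header blocks at the start of the backing device
KEY = 0x5A   # toy key, constructed for the demo

def xor(block):
    return bytes(b ^ KEY for b in block)

def make_backing(plaintext):
    """Backing device = header blocks followed by the encrypted payload."""
    return bytearray(b"H" * (HDR * BLOCK) + xor(plaintext))

def read_mapped(dev, n):
    """Mapped block n is the decryption of backing block n + HDR."""
    off = (n + HDR) * BLOCK
    return xor(dev[off:off + BLOCK])

def inplace_copy(dev, nblocks, start=0, stop_after=None):
    """Copy mapped blocks to the front of the backing device, front to back.
    The read position is always HDR blocks ahead of the write position, so an
    uninterrupted pass never reads a block it has already overwritten.
    Returns the index of the next block to copy (the resume point)."""
    for n in range(start, nblocks):
        if stop_after is not None and n >= stop_after:
            return n  # simulated interruption
        dev[n * BLOCK:(n + 1) * BLOCK] = read_mapped(dev, n)
    return nblocks

def demo():
    pt = bytes(range(24))                      # 6 plaintext blocks, constructed
    dev = make_backing(pt)
    resume = inplace_copy(dev, 6, stop_after=3)
    header_intact = bytes(dev[:HDR * BLOCK]) == b"H" * (HDR * BLOCK)
    resumed, restarted = bytearray(dev), bytearray(dev)
    inplace_copy(resumed, 6, start=resume)     # continue where it stopped
    inplace_copy(restarted, 6, start=0)        # naive restart from block 0
    return resume, header_intact, bytes(resumed[:24]) == pt, bytes(restarted[:24]) == pt

if __name__ == "__main__":
    print(demo())
```

In this model an interrupted run is recoverable only by resuming at the exact block where it stopped: a restart from block 0 decrypts data that is already plaintext, and the header blocks are overwritten by the first writes.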

