[dm-crypt] "not a valid LUKS device" after distro change

Jonas Meurer jonas at freesources.org
Wed Oct 29 00:03:01 CET 2014


Hi John,

Am 28.10.2014 um 16:34 schrieb John Wells:
> Hi guys, I know I went silent on this. I ended up being on the road a
> good bit and just restored from back up and accepted it as an isolated
> incident.
> 
> However, today I received some odd messages and the inability to write
> to files.

Too bad, so at least it was not a one-time incident. Instead it follows
a pattern to some degree.

> Now, after reboot, /dev/MORE_VG/MORE_LV is suddenly missing it's Luks
> info as well.
> 
> $ sudo cryptsetup luksOpen /dev/MORE_VG/MORE_LV cryptd
> Device /dev/MORE_VG/MORE_LV is not a valid LUKS device.
> $ sudo head -c 1024 /dev/MORE_VG/MORE_LV | hexdump -C
> 00000000  47 4e 55 20 50 61 72 74  65 64 20 4c 6f 6f 70 62  |GNU Parted
> Loopb|
> 00000010  61 63 6b 20 30 00 00 00  00 00 00 00 00 00 00 00  |ack
> 0...........|
> 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
>  |................|
> *
> 00000400

Did you try to grep for 'LUKS' on /dev/sdc and /dev/sdd in the meantime?

> Maybe the best is to grep the whole physical partition for "LUKS"
> instead of just searching on the LVM logical volume device. If it's
> really linux-md or lvm that mix things up here, then one should not
> trust in alignment and layering by them.
>
> So, John, best would be to do
> # hd /dev/sdc | grep "LUKS"
> # hd /dev/sdd | grep "LUKS"
> (given that sdc and sdd are the disks with md raid-1 and lvm on top).
>
> If I got your setup right, then FINALFRONTIER_VG-HOME_LV is the only
> LUKS-encrypted lv on these disks. Thus, when you get a result, try to
> extract the LUKS header from it using the offset and check its
> validity.

> Recall, before this happened, it looked like this:
> 
> # head -c 1024 /dev/MORE_VG/MORE_LV | hexdump -C
> [...]
> 
> And, sadly for me, my backup software was silently malfunctioning, so I
> have lost a good bit of data in this case.

Maybe you're able to restore the data with the header backup you posted
earlier. If it contains the full header, then you should be able to
restore the header and use it for decrypting the data. Though the
question is, whether the encrypted data is still valid after your
'incident'.

> Any ideas why a LUKS device would suddenly appear as a loopback device?
> I'm totally at a loss and not sure if I can trust luks any more with my
> data, which is sad but understand considering what I paid for it. ;-)

I don't believe that either cryptsetup/LUKS or LVM is the reason for
your troubles.

Do you use the crypttab function of Ubuntu cryptsetup packages? If so,
please paste the content of /etc/crypttab.

Kind regards,
 jonas



More information about the dm-crypt mailing list