[dm-crypt] LUKS2 resizing

Ondrej Kozina okozina at redhat.com
Wed Dec 13 14:04:01 CET 2017


On 12/13/2017 12:35 AM, Andrius Štikonas wrote:
> I was testing how well KDE Partition Manager works on LUKS2 partitions.
> Apparently, it fails to resize them. It seems that now cryptsetup resize asks
> for passphrase before resizing the container.

Yes, cryptsetup utility asks for passphrase if it detects volume key was 
previously passed to dm-crypt via kernel keyring service. VK is passed 
to kernel keyring by default for LUKS2 devices.

> 
> Unfortunately, I wasn't able to find any documentation on this. So, the passphrase
> is now required to resize the container? When I tried entering wrong passphrase,
> cryptsetup silently returns exit code 2, not 0. I guess cryptsetup refused to resize. Am I right?

Unfortunately we forgot to regenerate doxygen API documentation together 
with 2.0.0 final release. But we fixed the mistake recently.

See note at bottom of crypt_resize() description: 
https://gitlab.com/cryptsetup/cryptsetup/wikis/API/group__crypt-actions.html#ga168bcd5097cdf64774540fdeaacefbc0

On libcryptsetup API level, you can either query active device 
(crypt_get_active_device()) and check for CRYPT_ACTIVATE_KEYRING_KEY 
flag. The flag raised means you should load volume key to keyring before 
crypt_resize(). Or, you can detect return value from crypt_resize. The 
-EPERM hints you basically the same.

Thank you for the report. I'll check the silent failure with cryptsetup 
utility. Yes, in general exit status != 0 says the operation was not 
performed.

Regards
Ondrej


More information about the dm-crypt mailing list