[dm-crypt] mistake with luksFormat

Michael Kjörling michael at kjorling.se
Sat Dec 23 20:23:57 CET 2017


On 23 Dec 2017 11:49 +0100, from aka at alphanet.ch (A. Kapetanovic):
> Unfortunately I did
> 
> cryptsetup -y -v luksFormat /dev/sdb
> 
> and not
> 
> cryptsetup -y -v luksFormat /dev/sdb1

Assuming that your system didn't keep anything critical on /dev/sdb...


> After that I used fdisk to create sdb1 and did

...that should have written a new, valid MBR partition table to it,
and...


> cryptsetup -y -v luksFormat /dev/sdb1
> cryptsetup luksOpen /dev/sdb1 prod

...looks right to set up a LUKS container on the freshly created
partition. That partition may have had garbage near the beginning from
the old LUKS header on /dev/sdb, but that's inconsequential as
luksFormat would overwrite it anyway, and any previously existing
plaintext data will just be treated as ciphertext which decrypts to
garbage.


> and
> 
> pv -tpreb /dev/zero | dd of=/dev/mapper/prod bs=128M

That would operate only through the LUKS container, so cannot
reasonably have damaged any LUKS metadata.


> 2. My HDD did repetitive noises several hours (now that has
> stopped), even after a reboot.

It's hard to diagnose simply based on "repetitive noises", but unless
you took specific steps to do otherwise, anything done by the pv | dd
command should have stopped no later than when you rebooted the
system.


> Have I to do something more, or were the noises of the HDD simple my
> 
> pv -tpreb /dev/zero | dd of=/dev/mapper/prod bs=128M
> 
> command, even if
> 
> ps -a | grep dd
> 
> didn't display anything ?

There is a small possibility that the system was, after "dd" exited,
still writing out data that was in the write cache, but that shouldn't
take more than a few seconds even on a heavily loaded modern system.
(You can add "flags=sync" to avoid that, or use a different tool such
as GNU ddrescue.)

I suggest checking the SMART data to see how the drive is reporting
its own health. "smartctl --attributes /dev/sdb" as root should be a
start. In the SMART attributes list, look closely at any attribute
where the "VALUE" is close to "THRESH", or where "WHEN_FAILED" says
anything other than "-".

Other than that, I concur with Arno's analysis that it was likely just
a coincidence, possibly triggered by heavy I/O but unrelated to LUKS
as such.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the dm-crypt mailing list