[dm-crypt] Unexpected behavior in cryptsetup-1.5.1

jason_daly at lavabit.com
Fri Dec 28 16:22:26 CET 2012


I recently upgraded to cryptsetup-1.5.1 and I ran into some unexpected
behavior with this new version.

The issue happens when creating LUKS-formatted container files, as follows:

dd if=/dev/urandom of=container bs=1M count=8
cryptsetup -v luksFormat container

This will overwrite data on container irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot wipe header on device container.
Command failed with code 22: Cannot wipe header on device container.

To get it to work, I now have to set up a loopback device:

losetup /dev/loop7 container
cryptsetup -v luksFormat /dev/loop7

Or using a detached header, it works to do this:

losetup /dev/loop6 header-file
cryptsetup -v luksFormat --header /dev/loop6 container

I see that in the release notes for cryptsetup-1.5.1, it talks about "lazy
initializations."  Could this be the cause of this new behavior, and if
so, is this an expected trade-off in order to allow for some cryptsetup
operations to be run by non-root users?  I guess if you could clarify
whether this is expected new behavior or a bug, I would appreciate it.

Thank you,
Jason Daly
