[dm-crypt] LUKS header always disappears after reboot

Arno Wagner arno at wagner.name
Wed Jan 4 19:59:42 CET 2012

On Tue, Jan 03, 2012 at 10:46:49PM -0500, Cory Coager wrote:
> I have a dedicated drive used just for data. The entire drive is
> encrypted with cryptsetup & LUKS. Since the drive is 3tb in size I had
> to create the partition with parted. The partition is aligned for
> optimal performance.
> fdisk -lu:
> WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util
> fdisk doesn't support GPT. Use GNU Parted.
> Disk /dev/sdb: 3000.6 GB, 3000592982016 bytes
> 255 heads, 63 sectors/track, 364801 cylinders, total 5860533168 sectors
> Units = sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disk identifier: 0x00000000
>    Device Boot      Start         End      Blocks   Id  System
> /dev/sdb1               1  4294967295  2147483647+  ee  GPT
> parted:
> GNU Parted 2.3
> Using /dev/sdb
> Welcome to GNU Parted! Type 'help' to view a list of commands.
> (parted) print                                                            
> Model: ATA Hitachi HDS5C303 (scsi)
> Disk /dev/sdb: 3001GB
> Sector size (logical/physical): 512B/512B
> Partition Table: gpt
> Number  Start   End     Size    File system  Name  Flags
>  1      1049kB  3001GB  3001GB
> (parted) align-check opt 1                                                
> 1 aligned
> For some reason, every time I reboot the LUKS header is no longer
> recognized. I checked to make sure the appropriate modules are loaded
> into memory. The first time I just redid it thinking maybe I did
> something wrong. The second time now this has happened I'm thinking
> something else is going on. Why does this keep happening? How do I fix
> it without redoing it as I have data on this drive.
> # cryptsetup luksDump /dev/sdb1
> Device /dev/sdb1 is not a valid LUKS device.

This looks like something is corrupting/overwriting the 
header. Please post the first few KB of the device as 
hexdump or email it to me. How to get it:

  head -c 10K /dev/sdb1 | hd > start.hex

as root. 

As to fixing this, if the header is corrupted enough, the
data is gone, see the cryptsetup FAQ, in particular the warning
at the start of the FAQ. 

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list