[dm-crypt] gpt over luks - entire data disk encryption
gmazyland at gmail.com
Thu Jul 19 10:24:43 CEST 2012
On 07/18/2012 11:46 PM, Two Spirit wrote:
> After some corruptions to my luks environment, I get an opportunity to make some upgrades to my setup.
> I need some help. I'm testing a raid5+1 environment, and would like to do whole data disk encryptions
> with GPT. once I partition the disk using GPT, I can't run the "cryptsetup luksClose". I've done
> whole disk encryption without a partition table with no problems, and I also have done luks encryption
> on a GPT partition without problems.
What's the exact dvice stack here? (paste lsblk output?)
(You have GPT over LUKS device, not directly on /dev/mraid51, correct?
> The only way I have found to be able to run luksClose is to blow away the partition table(which is not
> acceptable solution). I suspect that udevadm (running ubuntu-12.04) is involved as a /dev/mapper/raid51p1
> exists. When I get rid of the /dev/mapper/raid51p1, and only the /dev/mapper/raid51 exists, I can then run "luksClose".
Someone is running kpartx automatically...
/dev/mapper/raid51p1 is created by kpartx (or some internal code somewhere) and it should _not_ be there,
MD can handle partitions in kernel since 2.6.38 kernel.
I see that problem on Fedora 17 as well. I will back to this later, not a LUKS problem but IMHO it is bug.
I guess you can "dmsetup remove raid51p1" to get rid of this before shutdown, but it is wrong.
For me, it even doesn't set DM-UUID (someone wrongly copied code from kpartx seems :-)
More information about the dm-crypt