[dm-crypt] LUKS backup headers for recovery

Arno Wagner arno at wagner.name
Fri Jul 20 01:27:57 CEST 2012

On Thu, Jul 19, 2012 at 11:36:59PM +0200, Milan Broz wrote:
> On 07/19/2012 09:18 PM, Arno Wagner wrote:
> > On Thu, Jul 19, 2012 at 11:36:53AM -0700, Two Spirit wrote:
> >> I'm a heavy believer in the backup mantra "2 is 1 and 1 is none", and start
> >> to feel comfortable when I have 3. Luckily I had backups to handle my
> >> recent data loss with LUKS, but I had to suffer a long restore time as the
> >> capacities get larger.
> While it is simple from that mantra point of view, it complicates many other
> things. People are resizing devices, if you place 2nd copy near the end of device,
> you create many new problems.
> I saw these problems in LVM, GPT an fake-raid metadata. If you have two versions,
> which is more recent? Is it still valid if you completely remove one copy?
> (Very common confusion - GPT reappears from backup copy.)
> And you need atomic counter or timestamp (new LUKS format) and locking.

Very true. A relatively simple implementation goes to 
a complex one with surprising behaviour. Not good. 
KISS is still the prime directive for any good engineer.

> In enterprise environment you will need to use something better anyway,
> (admin need to be able to provide you recovery passphrase), so you end with
> a Key Escrow system. (https://fedorahosted.org/volume_key/ is the project based
> on libcryptsetup for example).
> Without this, you can either store backup of header, or you can print key
> on paper and store it somewhere safely (see luksDump --dump-master-key)
> with the same effect.

And if you do that make sure to dump all the parameters as well.
cryptsetup is conservative about changing defaults, but it can
> >> Since these are usually long running
> >> file servers, I've found lots of discussions about passphrase recovery
> >> while the systems are still running and not luksClosed). I did google
> >> around for LUKS recovery procedures, but there were lots of bad long
> >> involved processes out there that didn't work or I couldn't get to work.
> And you are running file server without backup? Do you have backup of /etc?
> So adding one 4M file (LUKS header with keyslots) into regular backup is easy.
> People are usually highly stressed by situation (data gone and no backup).
> And usually they lose ability to recover data not by initial mistake/error,
> but by some stupid recovery action without real understanding what caused
> the problem.

Indeed. I have added a note for this at the start of the FAQ.
> (And btw there is script in LUKS source recovering LUKS header from running dmcrypt
> device, it is mentioned in FAQ... 
> Ehm,... actually Arno forgot to update link, after git switch :)
> It is here http://code.google.com/p/cryptsetup/source/browse/misc/luks-header-from-active

Wups. Fixed.
> >> I now see the  luksHeaderBackup and luksHeaderRestore commands.(My excuse
> >> is that I don't recall them when I first learned about cryptsetup many
> >> years ago.) 
> Because I added them later, exactly to simplify all these recovery problems.
> You can even open device using backup file (without rewriting header).

Which is a very good thing, as any write has a chance of doing more 

> >> Yes, I have seen a seasoned sysadmin run #rm -rf * from root on a
> >> production server, so I could forsee someone doing something to 
> >> mess up the LUKS headers.
> There are two groups of people: one group run backups.
> The second did not lost data yet :-)

Hehehehe, yes. Makes me remember the first (and only) 
time I lost important data. The universe looks a bit 
different after that experience ;-)

Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

More information about the dm-crypt mailing list