[dm-crypt] Truecrypt system partition support
medhefgo at web.de
Mon Jun 24 15:55:16 CEST 2013
On 06/24/2013 07:48 AM, Milan Broz wrote:
> Hm, seems like completely different problem.
> I cannot check what's going on without more information here, ideally
> - cryptsetup output with --debug switch
> - tcryptDump (mainly offsets and data sizes stored there)
> - exact sizes of partitions (fdisk -l -u, blockdev --getsz /dev/sda* or so)
> (but please note it will provide some info which is hidden, do not send it
> if it is a problem :-)
Here's the info. The open log is attached.
TCRYPT header information for /dev/sda
Driver req.: 7
Sector size: 512
MK offset: 106928640
PBKDF2 hash: ripemd160
Cipher chain: aes
Cipher mode: xts-plain64
MK bits: 512
# for i in /dev/sda*; do echo -n "$i: "; sudo blockdev --getsz $i; done
# fdisk -l -u
Disk /dev/sda: 61.5 GB, 61492838400 bytes, 120103200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000bfd29
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      208844      104391   83  Linux
/dev/sda2   *      208845    62910539    31350847+   7  HPFS/NTFS/exFAT
/dev/sda3        62910540   120103199    28596330   83  Linux
> Ideally I would like to reproduce it, for my encrypted VM on partition
> it works.
> How did you create this config? Any manipulations with partitions after
> system reencryption?
I did nothing peculiar to the system. Created the layout with gparted. I
did install grub2, but it also didn't work with the truecrypt bootloader.
>> Also, something's off about the --key-file option with tcrypt. I can't
>> get it to accept my password from the file. But if I pipe it with cat
>> to stdin it works. Maybe it's supposed to be this way, but then I think
>> it needs extra mention in the manpage. And maybe there should be a way
>> to provide a --passphrase-file option or something along those lines
>> if the current handling is different to how it's handled for luks.
> So you are not using Truecrypt keyfile but just passphrase in file,
> so pipe is the correct way. I thought it is explained in man page
> but if not, it needs some care. If you have some idea how to describe
> it better, just send me a patch.
> (And adding more options will cause even more chaos here :)
After re-reading it's a little clearer now. I still miss a way to
supply the passphrase in a file without resorting to piping it to stdin.
It's not an issue for luks since it allows passphrases and keyfiles
together, but truecrypt doesn't allow keyfiles in system mode.