[dm-crypt] Question about how data is read using dm-crypt

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Feb 21 03:59:37 CET 2017


I'll inline the answers...

On 21.02.2017 at 02:34, 박마루한 wrote:
> Hello,
> When I activate a volume using cryptsetup, I have the following:
> 1. Original image file 2. Block device from the image file 3. Image file
> that was created using cryptsetup

No. cryptsetup sets up a crypto mapping consisting of a
pseudo block device and operates on a block device. It transforms writes
to the pseudo block device to writes of encrypted data onto the backing
block device, while a read operation will read from the backing
block device, decipher the encrypted content and then deliver it to the
read() that was issued to the cleartext (pseudo) device.

> Then, you would make another block device from number 3.

No, since 3 is a block device already.

> Now, here's where I am confused.
> I assume when you mount and write to the block device from the last step.
> I assume that this will cause writes to the file in number 3, which then
> cause writes to number 2 and 1.
> But when you read, do you just simply read from number 3? Or are you
> actually reading from number 1?

You usually read/write to and from the pseudo block device created by
cryptsetup (the dm-crypt target, i.e. /dev/mapper/<cryptotargetname>),
which will in turn read from/write to the backing block device. The
backing device can also be called lower device in terms of looking at a
stack, when it comes to Linux' storage system.
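
Added example, not part of the original message: a shell sketch that prints the stack described above, from the /dev/mapper device down through its lower devices, by reading sysfs. It assumes the "block device from the image file" is a loop device; the function names and the SYSFS override are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Walk the Linux storage stack below a device-mapper target, top to bottom.
# SYSFS can be overridden to point at a constructed tree (assumption of this
# example; on a live system it is /sys).
SYSFS="${SYSFS:-/sys}"

# dm_kname NAME: print the kernel name (dm-N) of /dev/mapper/NAME.
dm_kname() (
    for d in "$SYSFS"/class/block/dm-*; do
        [ -r "$d/dm/name" ] || continue
        if [ "$(cat "$d/dm/name")" = "$1" ]; then
            basename "$d"
            return 0
        fi
    done
    return 1
)

# print_stack KNAME INDENT: print KNAME, then each lower device one level
# deeper. The body runs in a subshell so recursion keeps its own variables.
print_stack() (
    kname="$1"; indent="$2"
    dir="$SYSFS/class/block/$kname"
    if [ -r "$dir/dm/name" ]; then
        kind="device-mapper target"
        # Mappings created by cryptsetup carry a dm UUID starting with CRYPT-.
        case "$(cat "$dir/dm/uuid" 2>/dev/null)" in
            CRYPT-*) kind="dm-crypt mapping" ;;
        esac
        printf '%s/dev/mapper/%s (%s, %s)\n' \
            "$indent" "$(cat "$dir/dm/name")" "$kname" "$kind"
    elif [ -r "$dir/loop/backing_file" ]; then
        # A loop device is itself backed by a regular file.
        printf '%s/dev/%s (loop device)\n' "$indent" "$kname"
        printf '%s  %s (backing image file)\n' \
            "$indent" "$(cat "$dir/loop/backing_file")"
    else
        printf '%s/dev/%s (block device)\n' "$indent" "$kname"
    fi
    # slaves/ lists the lower (backing) devices of this layer, if any.
    for s in "$dir"/slaves/*; do
        [ -e "$s" ] || continue
        print_stack "$(basename "$s")" "$indent  "
    done
)

# Usage on a live system: print_stack "$(dm_kname <cryptotargetname>)" ""
```

Reads and writes issued to the top line of the output pass through every layer printed beneath it; only the mapping at the top ever carries cleartext.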


