LinuxQuestions.org


airstuff 08-08-2009 08:53 PM

After running "fsck"... No longer able to open encrypted drive... Any chance?...
 
On Debian/Lenny. My /home partition is on an external usb drive and encrypted. Power went out and system turned off. Logged back in, opened /home using "cryptsetup" and mounted fine but got message to do "fsck". I did: fsck -vy /dev/sda1 and got message that I couldn't do that. So I ended the session -> logged in as root in console -> unmounted /home partition -> closed the drive with "cryptsetup luksClose /dev/mapper/etc..." and ran "fsck -vy /dev/sda1"...

It went through about an hour (120GB drive) of "cleared" this and "fixed" this node and that node. At the end, I tried doing 'cryptsetup -y luksOpen /dev/sda1 ...' and it keeps asking for the passphrase. I rebooted, tried to open as usual and it keeps asking for a LUKS passphrase. Did I just hose the drive? (with no backup in about a month?)

nowonmai 08-10-2009 03:32 AM

Quite possibly. Unfortunately fsck would not see the encrypted fs as an actual fs and would act upon it as it saw appropriate... likely hosing the entire fs. Sorry it's not the news you were hoping for.

airstuff 08-10-2009 08:07 AM

clarification
 
Just so I understand... What you're saying is that "fsck" saw noise/random data (encryption) and proceeded to "fix" (or re-arrange) the file-system... and in the process of re-arranging rendered the "key" (luks passphrase) useless?

Yes... it is VERY bad news for me :( but it's a learning experience and I'm sure I'm not the only noob to do this :) Yet another reminder to keep current backups.

nowonmai 08-10-2009 10:37 AM

In a manner of speaking, this is exactly what happened. If /dev/sda1 did not contain an ext3 filesystem, but fsck was told that it was one, it just goes ahead and tries to make sense of what it sees, with predictably unfortunate results.

salasi 08-10-2009 04:46 PM

Gosh, is that really true? If you have an encrypted drive and there is a problem with it, does that mean that there are no tools you can use to fix it, or is it a matter of using fsck with some obscure options, or something?

Is there any reference on this that I can look at to learn more, as this seems to make encrypted volumes look like an accident waiting to happen.

airstuff 08-10-2009 08:44 PM

accident waiting
 
Quote:

Originally Posted by salasi (Post 3638409)
... this seems to make encrypted volumes look like an accident waiting to happen...

Yes... That's what I thought too. Learning the hard way is SO unpleasant. If there is ANY chance of recovery... I'd really appreciate the help. Thank you.

GazL 08-11-2009 04:30 AM

Quote:

Originally Posted by salasi (Post 3638409)
Gosh, is that really true? If you have an encrypted drive and there is a problem with it, does that mean that there are no tools you can use to fix it, or is it a matter of using fsck with some obscure options, or something?

No, you can still use fsck in the usual manner. However, the important part is that you realise that your filesystem is on the luks device /dev/mapper/luksname and not the underlying partition.

To run fsck on a luks encrypted filesystem, the filesystem should be unmounted and the luks device unlocked (OPEN). Then you just run fsck on the /dev/mapper/luksname device in the usual manner.

Running fsck on the partition directly, as airstuff has unfortunately discovered, is a very bad idea.
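
A guard for the procedure GazL describes, as an added example that is not part of the original thread: it refuses to hand fsck a raw LUKS partition and returns the mapped device instead, and only once that device is open and unmounted. The function names and the `MAPPER_DIR` / `MOUNTS_FILE` overrides are hypothetical; the 6-byte magic is the one every LUKS header starts with.

```shell
#!/bin/sh
# Added example (not from the thread): pick the right device for fsck.
# A LUKS container starts with the 6 magic bytes "LUKS" 0xBA 0xBE.
LUKS_MAGIC_HEX="4c554b53babe"

# is_luks_container PATH: succeeds if PATH begins with the LUKS magic.
is_luks_container() {
    magic=$(head -c 6 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "$LUKS_MAGIC_HEX" ]
}

# fsck_target PARTITION MAPPER_NAME
# Prints the device fsck may be run on. Returns 2 if the partition is a
# LUKS container that is not open, 3 if the target is still mounted.
# MAPPER_DIR and MOUNTS_FILE are hypothetical overrides for dry runs.
fsck_target() {
    part=$1
    target=$part
    if is_luks_container "$part"; then
        # The filesystem lives on the mapped device, never on $part.
        target="${MAPPER_DIR:-/dev/mapper}/$2"
        if [ ! -e "$target" ]; then
            echo "refusing: $part is LUKS; luksOpen it as '$2' first" >&2
            return 2
        fi
    fi
    if awk -v d="$target" '$1 == d { hit = 1 } END { exit !hit }' \
        "${MOUNTS_FILE:-/proc/mounts}" 2>/dev/null; then
        echo "refusing: $target is mounted; unmount it first" >&2
        return 3
    fi
    echo "$target"
}

# Usage: safe_fsck.sh /dev/sda1 home
if [ "$#" -eq 2 ]; then
    target=$(fsck_target "$1" "$2") && fsck -vy "$target"
fi
```

On a real system `cryptsetup isLuks /dev/sda1` performs the same header check as `is_luks_container`.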

airstuff 08-11-2009 06:33 AM

understood
 
Now I understand why I couldn't run fsck originally and got an error. The partition was mounted. All I should have done was unmount. Not unmount and close luks. Got it. Thank you for the very clear explanation.


All times are GMT -5.