I'm trying to set up a partition for LUKS, however I'm getting an error.
Code:
# cryptsetup luksFormat /dev/sdd1
WARNING!
========
This will overwrite data on /dev/sdd1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdd1 which is still in use
I've only done two things. Set up a partition via fdisk and then set up for LVM.
Code:
fdisk -l /dev/sdd
Disk /dev/sdd: 109 MB, 109595648 bytes
255 heads, 63 sectors/tracks, 13 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x3361640c
Device Boot Start End Blocks Id System
/dev/sdd1 1 13 104391 8e Linux LVM
I don't have a partition set up for this under /etc/fstab either, so I'm not sure what is going on.
You say you set up the partition for LVM. It's not apparent how many of the steps you have done, but you need to assign /dev/sdd1 to a volume group, and create a logical volume inside it. Then you can run luksFormat on that LV.
It's analogous to partitioning a disk. Once you have set up the partitions (sda1, sda2, ...) you don't try to use the whole disk (sda) for something.
I think I figured out the issue, I'm formatting with mkfs before I use cryptsetup. For example:
This is a new VM.
Code:
fdisk -l /dev/sdb1 (during this process, set partition type as LVM)
pvcreate /dev/sdb1 ; vgcreate Vol_Group02 /dev/sdb1 ; lvcreate -L +100M -n LogVol00 Vol_Group02
mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00
cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdb1 which is still in use
On the same VM, I created a different partition and after doing the following:
fdisk -l /dev/sdb1 (during this process, set partition type as LVM)
pvcreate /dev/sdb1 ; vgcreate Vol_Group02 /dev/sdb1 ; lvcreate -L +100M -n LogVol00 Vol_Group02
mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00
cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdb1 which is still in use
That is doing a pvcreate on /dev/sdb1 and then trying to destroy that PV by overwriting it with a LUKS header.
Quote:
On the same VM, I created a different partition and after doing the following:
So I am incorrect in formatting this partition before setting it up with LUKS, correct?
If that's the same VM, how can your "different partition" still be /dev/sdb1? Here, you've run luksFormat twice on the same partition, and the second one is wrong. I presume that should have been luksOpen to set up the encrypt_sdb1 mapping. You are then running mkfs on some logical volume that you don't show how you created, but does not seem to be related to the LUKS container that you just formatted. That should have been "mkfs -t ext4 /dev/mapper/encrypt_sdb1". I'm hoping this is all just errors in transcribing what you did, because otherwise it makes about as much sense as the output from monkeys+typewriters.
Indeed, you do not mkfs the partition (or logical volume, or other container) before setting up the LUKS encryption and opening the encrypted volume. You then run mkfs on that volume that luksOpen sets up in /dev/mapper. Trying to format /dev/sdb1 in two different ways is just going to wipe out whatever that first format was.
What I originally wrote up for post #3 is incorrect, so I apologize.
I did this again on a brand new VM and still getting the same error as before, so I'm not understanding.
Code:
fdisk /dev/sdb
partprobe /dev/sdb1 ; pvcreate /dev/sdb1 ; vgcreate Vol_Group02 /dev/sdb1 ; lvcreate -L +5G -n LogVol00 Vol_Group02
cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdb1 which is still in use.
Yes, /dev/sdb1 is in use as a physical volume in Vol_Group02. You can run luksFormat on the logical volume that you created (/dev/Vol_Group02/LogVol00 or /dev/mapper/Vol_Group02-LogVol00), but you cannot do anything directly on /dev/sdb1 without destroying the LVM setup there. After you use luksFormat to set up the LUKS container, you can then open that container with "cryptsetup luksOpen /dev/mapper/Vol_Group02-LogVol00 mycrypt" and run "mkfs -t ext4 /dev/mapper/mycrypt". You do not run mkfs on /dev/sdb1 or /dev/mapper/Vol_Group02-LogVol00. Doing so would destroy the structures you have set up there.
It's like making several partitions on a disk, /dev/sda1 /dev/sda2 /dev/sda3, and then running "mkfs.vfat /dev/sda". Doing that wipes out the partition table.**
You need to study a bit more on the layering concept in these structures.
** It so happens that "mkfs.ext4" would not destroy the partition table. That's because the ext2/3/4 filesystems do not use the first 1024 bytes of the device. You actually end up with a worse mess, because space allocated to the partitions is also being used, quite independently, by that filesystem. Anything that tried to use those partitions would cause absolute chaos in the filesystem, and vice versa.
Last edited by rknichols; 02-06-2016 at 10:46 PM.
Reason: Add "It so happens..." footnote
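The "still in use" state described in the reply above can be inspected directly, because the kernel lists whatever is stacked on a block device under that device's sysfs `holders/` directory. The script below is an added example, not part of any post in this thread; `holders_of` and `make_sample_sysfs` are hypothetical helper names, and the sysfs tree is a constructed sample so the script runs without a real disk.

```shell
#!/bin/sh
# holders_of DEV [SYSFS_ROOT]
# Print every kernel device stacked on top of DEV (kernel name such as sdb1,
# or /dev/sdb1). Returns 0 if something holds it, 1 if nothing does,
# 2 if DEV is not a known block device.
holders_of() {
    dev=${1#/dev/}
    sys=${2:-/sys}
    dir="$sys/class/block/$dev/holders"
    [ -d "$dir" ] || { echo "unknown block device: $dev" >&2; return 2; }
    rc=1
    for h in "$dir"/*; do
        [ -e "$h" ] || [ -L "$h" ] || continue   # empty directory: glob unmatched
        name=${h##*/}
        # device-mapper nodes publish their mapping name in dm/name
        if [ -r "$sys/class/block/$name/dm/name" ]; then
            name="$name ($(cat "$sys/class/block/$name/dm/name"))"
        fi
        echo "$name"
        rc=0
    done
    return $rc
}

# Constructed sample: a fake sysfs tree where sdb1 is a PV whose only
# logical volume is active as dm-0, and nothing is stacked on dm-0 yet.
make_sample_sysfs() {
    root=$(mktemp -d)
    mkdir -p "$root/class/block/sdb1/holders" \
             "$root/class/block/dm-0/holders" "$root/class/block/dm-0/dm"
    echo Vol_Group02-LogVol00 > "$root/class/block/dm-0/dm/name"
    ln -s ../../dm-0 "$root/class/block/sdb1/holders/dm-0"
    echo "$root"
}

demo=$(make_sample_sysfs)
echo "sdb1 is held by: $(holders_of /dev/sdb1 "$demo")"      # luksFormat here fails
holders_of dm-0 "$demo" || echo "dm-0 has no holders"        # luksFormat target
rm -rf "$demo"
```

On a live system, calling `holders_of sdb1` without the second argument reads the real /sys.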
Quote:
You need to study a bit more on the layering concept in these structures.
It's one thing to study. I read the documentation and it doesn't make sense. So I lab and that is where the questions come up. You have to try, to gain and build on experience to become an expert. No one was born with Linux skills.
So what do you recommend to "study" the layering concepts?
However if I look under /dev/mapper, it's not there.
I've made an entry under /etc/fstab and then run the following:
Code:
mount -a
mount: wrong fs type, bad option, bad superblock on /dev/mapper/VoL_Group02-LogVol00
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
The 1st time I rebooted, the entry that I made under /etc/crypttab was missing. I've added this information to this file after formatting the file system with ext4.
Quote:
However if I look under /dev/mapper, it's not there.
It would be nice to indicate what command produced that output. I'm guessing it's from blkid.
Are you saying that running "ls /dev/mapper" does not show that device? Given that blkid (apparently) could see it, I don't see how that's possible.
Quote:
I've made an entry under /etc/fstab and then run the following:
Code:
mount -a
mount: wrong fs type, bad option, bad superblock on /dev/mapper/VoL_Group02-LogVol00
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
The 1st time I rebooted, the entry that I made under /etc/crypttab was missing. I've added this information to this file after formatting the file system with ext4.
You didn't show what you actually entered in /etc/fstab, what line you put in /etc/crypttab, or what you put in that logical volume. Without knowing the exact steps you followed I cannot point out where you went wrong, and I'm tired of trying to guess what you might have done.
Quote:
Without knowing the exact steps you followed I cannot point out where you went wrong, and I'm tired of trying to guess what you might have done.
These are the exact steps that I'm taking. I don't have Guest Additions installed, so I'm typing all of this manually.
Trying to setup LUKS on a partition.
Code:
fdisk /dev/sdb
- n
- p
- accept defaults for 1st and last cylinders
- t
- 8e
- p
- w
modprobe dm_crypt
lsmod | grep dm_crypt
partprobe /dev/sdb1 ; pvs ; vgs ; lvs
pvcreate /dev/sdb1 ; vgcreate Vol_Group02 /dev/sdb1 ; lvcreate -L +5G -n LogVol00 Vol_Group02
cryptsetup luksFormat /dev/sdb1
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdb1 which is still in use
Quote:
These are the exact steps that I'm taking. I don't have Guest Additions installed, so I'm typing all of this manually.
Trying to setup LUKS on a partition.
Code:
fdisk /dev/sdb
- n
- p
- accept defaults for 1st and last cylinders
- t
- 8e
- p
- w
modprobe dm_crypt
lsmod | grep dm_crypt
partprobe /dev/sdb1 ; pvs ; vgs ; lvs
pvcreate /dev/sdb1 ; vgcreate Vol_Group02 /dev/sdb1 ; lvcreate -L +5G -n LogVol00 Vol_Group02
cryptsetup luksFormat /dev/sdb1
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sdb1 which is still in use
As I've told you before, you don't run the luksFormat on /dev/sdb1. That would be making a LUKS container in place of (i.e., destroying) the LVM container that you built, when what you want to do is put that LUKS container inside the LVM container. You run
Next, you want to make a filesystem. Again, you do not build that filesystem in place of the LVM container on /dev/sdb1, nor do you build it in place of the LUKS container on /dev/mapper/Vol_Group02-LogVol00. What you do is unlock the LUKS container to expose the decrypted container within, which I'll call "mycrypt", then build the filesystem there.
I went ahead and also did the following after the two lines above:
Code:
mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00
vim /etc/crypttab
encrypt_sdb1 /mnt/encrypt_sdb1
:wq
mkdir -p /mnt/encrypt_sdb1
vim /etc/fstab
/dev/mapper/encrypt_sdb1 /mnt/encrypt_sdb1 ext4 default 1 2
:wq
mount -a
...and it now works!
However...a reboot will prove it...
Now getting these errors...
Code:
Mount local filesystems: mount: special device /dev/mapper/encrypt_sdb1 does not exist
Mounting filesystems: mount: special device /dev/mapper/encrypt_sdb1 does not exist
ls -al /dev/mapper does not show encrypt_sdb1 there, so I'm not understanding why that doesn't survive the reboot.
When I format, do I do either:
Code:
mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00
or
mkfs -t ext4 /dev/mapper/encrypt_sdb1
Last edited by JockVSJock; 02-07-2016 at 03:56 PM.
Quote:
mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00
or
mkfs -t ext4 /dev/mapper/encrypt_sdb1
The latter. When you run "mkfs -t ext4 /dev/mapper/Vol_Group02-LogVol00" you destroy the LUKS header on the encrypted volume. Make sure that what you mount in /etc/fstab is also "/dev/mapper/encrypt_sdb1".
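In /etc/crypttab the second field names the encrypted block device (here the logical volume that holds the LUKS header), and /etc/fstab mounts the resulting /dev/mapper/<name> mapping, never the encrypted device itself. The script below is an added example, not part of any post in this thread, that checks a crypttab/fstab pair for that layering; `lint_crypt_tabs` and `make_samples` are hypothetical names, the sample files are constructed from the lines posted above, and the corrected crypttab line assumes the LUKS container is on /dev/mapper/Vol_Group02-LogVol00 with a passphrase prompt (`none`).

```shell
#!/bin/sh
# lint_crypt_tabs CRYPTTAB FSTAB
# Prints one line per inconsistency; returns 0 when the files agree, 1 otherwise.
lint_crypt_tabs() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }               # skip comments and blank lines
    FILENAME == ARGV[1] { src[$1] = $2; next }   # crypttab: mapping name -> source
    { dev[$2] = $1; mounted[$1] = 1 }            # fstab: mount point -> device
    END {
        for (n in src) {
            if (src[n] in dev) {
                printf "crypttab: %s: field 2 (%s) is a mount point, not the LUKS device\n", n, src[n]
                bad = 1
            }
            if (src[n] in mounted) {
                printf "fstab: %s is the encrypted device; mount /dev/mapper/%s instead\n", src[n], n
                bad = 1
            }
            if (!(("/dev/mapper/" n) in mounted)) {
                printf "fstab: nothing mounts /dev/mapper/%s\n", n
                bad = 1
            }
        }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample files. crypttab.asposted reproduces the crypttab line from
# the post; crypttab.fixed assumes the LUKS container is on the logical volume.
# The fstab line follows the post, with "defaults" in the options field.
make_samples() {
    d=$(mktemp -d)
    echo 'encrypt_sdb1 /mnt/encrypt_sdb1' > "$d/crypttab.asposted"
    echo 'encrypt_sdb1 /dev/mapper/Vol_Group02-LogVol00 none' > "$d/crypttab.fixed"
    echo '/dev/mapper/encrypt_sdb1 /mnt/encrypt_sdb1 ext4 defaults 1 2' > "$d/fstab"
    echo "$d"
}

d=$(make_samples)
lint_crypt_tabs "$d/crypttab.asposted" "$d/fstab" || echo "=> as posted: crypttab does not name the LUKS device"
lint_crypt_tabs "$d/crypttab.fixed" "$d/fstab" && echo "=> fixed: OK"
rm -rf "$d"
```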