LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Suse/Novell (http://www.linuxquestions.org/questions/suse-novell-60/)
-   -   Suse 11.2 - cannot open encrypted partitions. (http://www.linuxquestions.org/questions/suse-novell-60/suse-11-2-cannot-open-encrypted-partitions-774763/)

Nicolas 12-10-2009 11:14 AM

Suse 11.2 - cannot open encrypted partitions.
 
I have two encrypted partitions (one internal the other external) which worked fine in openSuse 11.1.
I just installed 11.2 and can no longer access either partition.

Yast partitioner asks for the passphrase but then fails to mount saying I need to specify the file system type (which is not an option available to me).

I have tried #cryptsetup luksOpen /dev/sda4 data

which asks for and accepts the passphrase saying the device is unlocked. But when I try to mount the partition I am again asked to specify the fs type, but it does not accept ext3 when specified.

fsck and e2fsck report bad superblock for the various block numbers I have tried.

I have seen elsewhere that it may be related to VIA and a padlock module but it is not clear to me how to proceed in that direction.

I find it hard to believe that I am the only person to have had this experience and would appreciate any help available.

(ps otherwise I am very impressed with 11.2 - shame about my data!)

jiobo 12-11-2009 03:45 PM

Have you ran fsck on the unmounted partition? After running fsck, try to mount it again and use the following command:

Code:

#mkdir /mnt/disk
#cryptsetup luksOpen /dev/sda4 data
(follow prompt)
#mount -t ext3 /dev/mapper/data /mnt/disk

If that worked, then you would need to edit /etc/fstab to add an entry for that partition. And read about mount:

Code:

man mount

Nicolas 12-12-2009 03:26 AM

Thanks jiobo.

Yes, I have tried that and after:
# cryptsetup luksOpen /dev/sda4 data2
Enter LUKS passphrase for /dev/sda4:
key slot 0 unlocked.
Command successful.

I do:
# mount -t ext3 /dev/mapper/data2 /data2
and get:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/data2,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

dmesg gives me this:

[123831.055052] padlock: VIA PadLock not detected.
[123831.101519] padlock: VIA PadLock Hash Engine not detected.

I have googled this without much success.

Nicolas 12-12-2009 05:14 AM

This thread (https://bugs.launchpad.net/ubuntu/+s...ux/+bug/206129) suggests either using alais or blacklist to disable the padlock-sha module. When I try that I get this in dmesg when I try to mount after unlocking:

[ 59.800835] Intel AES-NI instructions are not detected.
[ 65.642599] VFS: Can't find ext3 filesystem on dev dm-0.

jiobo 12-12-2009 07:01 PM

After running cryptsetup to get the HD in /dev/mapper, then run fsck:

Code:

# fsck /dev/mapper/data2
After that completes, try to mount it again.

Code:

mount -t ext3 /dev/mapper/data2 /mnt/disk

worm5252 12-12-2009 09:41 PM

Are you sure it is an ext3 filesystem and not something else such as ext2?

Nicolas 12-13-2009 03:28 AM

Both fsck and e2fsck report bad superblock (for the various block numbers I have tried):

fsck from util-linux-ng 2.16
e2fsck 1.41.9 (22-Aug-2009)
fsck.ext2: Superblock invalid, trying backup blocks...
fsck.ext2: Bad magic number in super-block while trying to open /dev/mapper/data2

e2fsck -b 8193 /dev/mapper/data2
e2fsck 1.41.9 (22-Aug-2009)
e2fsck: Bad magic number in super-block while trying to open /dev/mapper/data2

I am certain that it is ext3 not ext2. Fdisk reports thus:
/dev/sda1 * 1 2357 18932571 83 Linux
/dev/sda2 2358 2877 4176900 82 Linux swap / Solaris
/dev/sda4 2878 19929 136970190 83 Linux

If it helps, luksDump gives this:
LUKS header information for /dev/sda4

Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 1032
MK bits: 128
MK digest: e8 3b f5 8c 89 ea 6e eb 68 41 db a8 97 6f 13 92 0e 34 05 e7
MK salt: 66 88 f1 5a 37 e8 f2 b7 80 5f 58 8f 89 3d b3 9c
cd af 45 52 76 91 ea 87 58 8f 8b ae 0f 38 21 db
MK iterations: 10
UUID: 4a6a9b44-5a52-486e-8f7d-e1edc5ef0168

Key Slot 0: ENABLED
Iterations: 324636
Salt: 0c 0d 70 e6 3d 40 41 f3 3b f9 13 59 8d 38 50 1a
16 a3 8c d3 96 e3 d9 f4 08 7d fe a6 04 5a 53 fa
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

jiobo 12-13-2009 10:17 PM

After running fsck, did you try to mount it? What happened? Tell fsck to fix the problems that it finds, if you did not do that.
Code:

man fsck
The luks header tells you that at least you are able to read part of the HD. Also try:

Code:

mount -t ext2 /dev/mapper/data2 /mnt/disk

Nicolas 12-14-2009 03:48 AM

Attempts to mount after fsck or e2fsck both return the same superblock error as does using ext2:

mount -t ext2 /dev/mapper/data2 /data2
mount: wrong fs type, bad option, bad superblock on /dev/mapper/data2,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

Nicolas 01-05-2010 07:55 AM

Solved - follow the steps here. Example 4.11 (where the encryption was pre-10.3) was relevant to my problem and worked like a charm.

http://www.suse.de/~lnussel/hdencryp...ncryption.html

jiobo 01-27-2010 11:50 PM

good link
 
Good link that you posted for SUSE. Would also be useful if you would explain what you did that made it work for you!

Nicolas 01-29-2010 03:34 AM

OK, here goes:

The encrypted partition was /dev/sdc1 (a 260GB external drive on a USB connection, originally encrypted by SUSE 10.3, I think). I wished to mount it as /data4.

As root do:

1) losetup /dev/loop0 /dev/sdc1
2) cryptsetup --hash sha512 --cipher twofish-cbc-plain --key-size 256 create data4_map /dev/loop0
3) mount /dev/mapper/data4_map /data4

and that was it. At one point I needed to input the passphrase for the encrypted partition so that it could be unlocked. After the second step /dev/mapper/data4_map was created and available to be mounted.

By the way, prior to this and while trying to find a solution, I had used dd to create a copy of the partition (dd if=/dev/sdc1 of=cryptimage.img) and ended up reformatting /dev/sdc1 as ext3. I then restored the image to /dev/sdc1 using dd (dd if=cryptimage.img of=/dev/sdc1). It was good to see that dd handled the encrypted data perfectly, although it did take about 36 hours to make each copy!

My only regret was that I did not figure out the solution until after I had already reformatted my internal drive (/data2). Fortunately the external drive is my (paranoid!) backup so I did not lose any data.

jiobo 02-18-2010 12:24 PM

Quote:

Originally Posted by Nicolas (Post 3844609)
My only regret was that I did not figure out the solution until after I had already reformatted my internal drive (/data2). Fortunately the external drive is my (paranoid!) backup so I did not lose any data.

No paranoid there. That is why people use RAID arrays.


All times are GMT -5. The time now is 01:41 PM.