LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices


Reply
  Search this Thread
Old 06-06-2014, 06:19 PM   #1
craigh
LQ Newbie
 
Registered: Jun 2014
Location: Vancouver, Canada
Distribution: Ubuntu
Posts: 5

Rep: Reputation: Disabled
Question Mounting an Encrypted Drive


Hi there,

I am trying to mount an encrypted drive read-only so that I can try and use Photorec to recover a file that was truncated by a Gedit plug-in. However, I'm obviously doing it wrong.

I have a laptop running Ubuntu 13.10. It has two drives: /dev/sda (the boot drive) is a 120 GB SSD, and /dev/sdb (secondary drive, where I store most of my data) is a 500 GB HDD. The secondary drive is encrypted. I'm new to running my own Linux machine, so right now this machine is pretty much running various defaults. During the set-up process I was asked if I wanted to encrypt the secondary drive and I selected yes, and created a pass phrase. I believe this was encrypted using LUKS. Each time I log in I must enter the pass phrase to access the secondary hard drive. This is the way I want it, so everything is good from that perspective.

Looking at the properties for the drive shown in the file browser (which I believe is Nautilus) told me that the drive is "ext3/ext4". I found it odd that both are shown, but that's what it shows. So I tried mounting it like this:

Code:
sudo mount -t ext4 -o ro,noload /dev/sdb /romount
mount: wrong fs type, bad option, bad superblock on /dev/sdb,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so
The directory /romount does exist. I also tried /dev/sdb1:

Code:
sudo mount -t ext4 -o ro,noload /dev/sdb1 /romount
mount: wrong fs type, bad option, bad superblock on /dev/sdb1,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so
I tried ext3 too with the same result. I also tried this:

Code:
sudo mount -r /dev/sdb1 /romount
mount: unknown filesystem type 'crypto_LUKS'
Here is what looks to me like the relevant part of "dmesg":

Code:
[133424.725224] EXT3-fs (sdb): error: can't find ext3 filesystem on dev sdb.
[133424.725319] EXT4-fs (sdb): VFS: Can't find ext4 filesystem
[133424.725388] FAT-fs (sdb): Unrecognized mount option "noload" or missing value
[133598.738011] EXT4-fs (sdb): VFS: Can't find ext4 filesystem
[133736.662950] EXT4-fs (sdb): VFS: Can't find ext4 filesystem
[133903.874913] EXT4-fs (sdb1): VFS: Can't find ext4 filesystem
Based on a post I read elsewhere, I ran fdisk and parted to get information that might be useful to someone helping me. Here are the outputs:

Code:
leftseat@selous:~/recovered20140605/photorec$ sudo fdisk -l

Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000a59df

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048   226050047   113024000   83  Linux
/dev/sda2       226050048   234438655     4194304   82  Linux swap / Solaris

WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.


Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1   976773167   488386583+  ee  GPT
Partition 1 does not start on a physical sector boundary.

Disk /dev/mapper/cryptswap1: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders, total 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe33a2cd8

Disk /dev/mapper/cryptswap1 doesn't contain a valid partition table
Code:
leftseat@selous:~/recovered20140605/photorec$ sudo parted -l
Model: ATA INTEL SSDMCEAW12 (scsi)
Disk /dev/sda: 120GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End    Size    Type     File system  Flags
 1      1049kB  116GB  116GB   primary  ext4         boot
 2      116GB   120GB  4295MB  primary


Model: ATA HGST HTS725050A7 (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt

Number  Start   End    Size   File system  Name     Flags
 1      1049kB  500GB  500GB               primary


Model: Linux device-mapper (crypt) (dm)
Disk /dev/mapper/cryptswap1: 4295MB
Sector size (logical/physical): 512B/512B
Partition Table: loop

Number  Start  End     Size    File system     Flags
 1      0.00B  4295MB  4295MB  linux-swap(v1)
I don't see GPT as a type option in "man mount", and I don't see an option to mount read-only in any of the GUI tools I'm aware of.

Can anyone tell me what I'm doing wrong in trying to mount the hard drive read-only? Should I be using a different file system type?

Thanks very much in advance for your assistance.


Craig
 
Old 06-06-2014, 06:23 PM   #2
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
I can't say for read only but I followed something like this recently to open an encrypted volume on the command line and it worked fine:
http://evilshit.wordpress.com/2012/1...ions-manually/
It will give you an idea of what you are looking at if nothing else.
 
Old 06-06-2014, 07:56 PM   #3
craigh
LQ Newbie
 
Registered: Jun 2014
Location: Vancouver, Canada
Distribution: Ubuntu
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hi 273,

Thanks very much. That looks like a good start except:

leftseat@selous:~$ sudo blkid|grep crypto
/dev/sdb1: UUID="2019e76b-29ac-44c3-8d3f-6b8ff1226359" TYPE="crypto_LUKS"
leftseat@selous:~$ sudo cryptsetup -r luksOpen /dev/sdb1/ crypthome
Device /dev/sdb1/ doesn't exist or access denied.

Hmm.

---------- Post added 06-06-14 at 05:56 PM ----------

Doesn't even prompt for the pass phrase.
 
Old 06-06-2014, 08:00 PM   #4
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
What exactly did you do to get into this situation?
It sounds like you may have damaged the encrypted partition not just files which were stored on it.
 
Old 06-06-2014, 08:09 PM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,770

Rep: Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210
Quote:
Originally Posted by craigh View Post
leftseat@selous:~$ sudo cryptsetup -r luksOpen /dev/sdb1/ crypthome
Device /dev/sdb1/ doesn't exist or access denied.
That trailing "/" does not belong there. /dev/sdb1 is not a directory.
 
1 members found this post helpful.
Old 06-06-2014, 08:12 PM   #6
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
Quote:
Originally Posted by rknichols View Post
That trailing "/" does not belong there. /dev/sdb1 is not a directory.
Hmm, that's my fault, sorry, I must have used another guide or just not used that command.
Good catch.
 
Old 06-07-2014, 01:55 AM   #7
craigh
LQ Newbie
 
Registered: Jun 2014
Location: Vancouver, Canada
Distribution: Ubuntu
Posts: 5

Original Poster
Rep: Reputation: Disabled
Cool

Quote:
Originally Posted by rknichols View Post
That trailing "/" does not belong there. /dev/sdb1 is not a directory.
Duh. That's what copying and pasting a command you found on the interwebs will get you. You're absolutely right; I didn't notice the trailing slash. Removing that solves the problem. I'm mounted and the disk is read-only, so mission accomplished.

Now I will run Phototrec to see what (if anything) I can recover from the file that was truncated/overwritten. To answer your question, 273, no, the whole partition is not damaged. Clearly I was not paying attention when I ran the command at the link you provided. And it was indeed the information at the link you provided that helped me get to where I needed to be. Thanks very much for your help. And thanks, rknichols, for your help too.
 
Old 06-07-2014, 02:02 AM   #8
craigh
LQ Newbie
 
Registered: Jun 2014
Location: Vancouver, Canada
Distribution: Ubuntu
Posts: 5

Original Poster
Rep: Reputation: Disabled
Lightbulb

To make it clear for those who might find this thread in the future:

Code:
leftseat@selous:~$ sudo cryptsetup -r luksOpen /dev/sdb1 crypthome
[sudo] password for leftseat: 
Enter passphrase for /dev/sdb1: 
leftseat@selous:~$ sudo mount /dev/mapper/crypthome /romount
mount: block device /dev/mapper/crypthome is write-protected, mounting read-only
leftseat@selous:~$ cd /romount
leftseat@selous:/romount$ touch test
touch: cannot touch ‘test’: Read-only file system
leftseat@selous:/romount$
 
Old 06-07-2014, 06:34 AM   #9
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
Thanks for the correction craigh and sorry for not proof-reading the link before pasting it.
You should mark the thread solved by clicking the link at the top also if things are now working for you.
 
Old 06-07-2014, 05:40 PM   #10
craigh
LQ Newbie
 
Registered: Jun 2014
Location: Vancouver, Canada
Distribution: Ubuntu
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
Thanks for the correction craigh and sorry for not proof-reading the link before pasting it.
You should mark the thread solved by clicking the link at the top also if things are now working for you.
Hi 273,

Apology not necessary. It's my responsibility to check commands before I run them ... which I always do, but clearly I missed the offending slash.

Left Photorec to run all night, but I think it filled the hard drive (not the one on which the file was lost) withut about 8000 file fragments. Now I just have to free up more space, because none of them seem to be the fragment I'm looking for.

Will mark the thread solved. Thanks again.


Craig
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mounting a TCG OPAL SED (encrypted) hard drive -- only possible w/ commercial tools? libCog Linux - Security 1 11-11-2012 02:12 PM
[SOLVED] Mounting encrypted disk Blue_Ice Linux - Desktop 2 06-18-2010 02:46 AM
mounting / rescue encrypted volume simonwil Ubuntu 2 11-02-2009 02:58 PM
Mounting LUKS encrypted drive from a failed pc: LVM2 error klearview Linux - Software 1 10-31-2008 03:34 AM
mounting encrypted img without being root crashsystems Linux - Security 7 03-09-2007 12:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware

All times are GMT -5. The time now is 10:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration