Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-18-2014, 08:47 AM
|
#1
|
LQ Newbie
Registered: Apr 2014
Distribution: Debian testing
Posts: 4
Rep:
|
cant access encrypted partition after restoring image backup using dd
Hello,
today i upgraded firmware on my SSD, where I have linux installed. First I created a backup of the whole disk (dd if=/dev/sda of=/mnt/anotherdisk/sda.img), then upgraded the firmware a restored the disk contents (dd if=/mnt/anotherdisk/sda.img of=/dev/sda).
The SSD contains a small boot partition and an encrypted luks partition with lvm, which then contains two partitions (root and home). From a live distro (SystemResqueCD) a can access the boot partition but not the encyrpted one. When running `cryptsetup luksOpen /dev/sda2 crypt` i get 'Device /dev/sda2 is not a valid LUKS device.'.
Output from parted is
Code:
parted /dev/sda
GNU Parted 3.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA KINGSTON SV200S3 (scsi)
Disk /dev/sda: 128GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
3 1049kB 2097kB 1049kB bios_grub
1 2097kB 135MB 133MB ext2 Linux filesystem <-- this is my boot partition
2 135MB 128GB 128GB Linux filesystem <-- this is the encrypted partition
Not sure where the problem is, thank for any help.
|
|
|
04-18-2014, 11:07 AM
|
#2
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,792
|
That is not a good sign. By any chance was this a system that had been running for a long time without being rebooted prior to the time you shut it down and made the image? A system can, unfortunately, run for a long time with a corrupted LUKS header, and you don't find out about the problem until the next time you try to unlock the container.
Let's see what it looks like. Please post the output from "file -s /dev/sda2" and from "dd if=/dev/sda2 count=1 | hexdump -C".
|
|
|
04-18-2014, 12:13 PM
|
#3
|
LQ Newbie
Registered: Apr 2014
Distribution: Debian testing
Posts: 4
Original Poster
Rep:
|
No, I restart regularly. Today morning I started it, then shut down, booted SystemRescueCd and made the image. When i tried to boot from that disk, grub was working, but after selecting linux the computer restarted, Tried adding verbose and debug options to the kernel, but didn't show anything else. I have made backup of all my partitins (boot, root and home) using tar, so if this fails i can start with a new installation.
Tried creatin a new encrypted partition and both root and home partitions and restoring data from the tar archves, but the boot process ended the same way - isn't reinstaling grub or regenerating initrd requiered?
Restoring the image again, will post the result of those command when its done. If it's needed, I am running Debian testing.
Thanks for your help.
|
|
|
04-18-2014, 12:41 PM
|
#4
|
LQ Newbie
Registered: Apr 2014
Distribution: Debian testing
Posts: 4
Original Poster
Rep:
|
output of commands:
Code:
# file -s /dev/sda2
/dev/sda2: LUKS encrypted file, ver 1 [aes, cbc-essiv:sha256, sha1] UUID: 2e217d23-328d-4cab-8aa3-52716af5ca96
# dd if=/dev/sda2 count=1 | hexdump -C
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.000392519 s, 1.3 MB/s
00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-essi|
00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256........|
00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 20 |.......... .... |
00000070 99 15 82 5c bd 9e 21 4e 35 5e d6 c5 c1 86 91 d5 |...\..!N5^......|
00000080 7d 30 a6 b2 41 61 8d 39 07 a5 e4 99 1f 94 79 59 |}0..Aa.9......yY|
00000090 bd 9b 6e 71 8c 28 3c 18 bc 8b 2a c3 c5 a6 3b b4 |..nq.(<...*...;.|
000000a0 33 d9 d7 a7 00 00 a3 16 32 65 32 31 37 64 32 33 |3.......2e217d23|
000000b0 2d 33 32 38 64 2d 34 63 61 62 2d 38 61 61 33 2d |-328d-4cab-8aa3-|
000000c0 35 32 37 31 36 61 66 35 63 61 39 36 00 00 00 00 |52716af5ca96....|
000000d0 00 ac 71 f3 00 02 8e 40 f7 11 ca 26 14 25 c2 6b |..q....@...&.%.k|
000000e0 a1 10 22 65 f5 a0 dc b0 9a a4 14 d7 94 d1 ae 0b |.."e............|
000000f0 2f d3 54 9d da 1a 11 f3 00 00 00 08 00 00 0f a0 |/.T.............|
00000100 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 01 08 00 00 0f a0 |................|
00000130 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 02 08 00 00 0f a0 |................|
00000160 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 03 08 00 00 0f a0 |................|
00000190 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 04 08 00 00 0f a0 |................|
000001c0 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 05 08 00 00 0f a0 |................|
000001f0 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200
|
|
|
04-18-2014, 05:40 PM
|
#5
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,792
|
That is a completely valid LUKS header with one enabled key slot. I can't imagine why you would get a "not a valid LUKS device" error.
When I take that same data, put it at the beginning of a partition on a USB stick, plug that USB stick into a machine running SystemRescueCD, and try to open it, it is recognized as a LUKS container and I am prompted for a password (which of course is never going to work since there is no key material present).
Code:
# cryptsetup luksDump /dev/sdd1
LUKS header information for /dev/sdd1
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 8192
MK bits: 256
MK digest: 99 15 82 5c bd 9e 21 4e 35 5e d6 c5 c1 86 91 d5 7d 30 a6 b2
MK salt: 41 61 8d 39 07 a5 e4 99 1f 94 79 59 bd 9b 6e 71
8c 28 3c 18 bc 8b 2a c3 c5 a6 3b b4 33 d9 d7 a7
MK iterations: 41750
UUID: 2e217d23-328d-4cab-8aa3-52716af5ca96
Key Slot 0: ENABLED
Iterations: 167488
Salt: f7 11 ca 26 14 25 c2 6b a1 10 22 65 f5 a0 dc b0
9a a4 14 d7 94 d1 ae 0b 2f d3 54 9d da 1a 11 f3
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Nothing wrong there. Looks fine. Perhaps that drive is not "/dev/sda" when you are running SystemRescueCD.
Last edited by rknichols; 04-18-2014 at 05:42 PM.
|
|
|
04-19-2014, 02:35 AM
|
#6
|
LQ Newbie
Registered: Apr 2014
Distribution: Debian testing
Posts: 4
Original Poster
Rep:
|
Not sure what's different, but today it is working fine. I guess something must have gone wrong during the first `dd` restore. Thanks for your time.
|
|
|
All times are GMT -5. The time now is 08:41 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|