[SOLVED] cant access encrypted partition after restoring image backup using dd

vodajs · 04-18-2014, 08:47 AM

Hello,
today i upgraded firmware on my SSD, where I have linux installed. First I created a backup of the whole disk (dd if=/dev/sda of=/mnt/anotherdisk/sda.img), then upgraded the firmware a restored the disk contents (dd if=/mnt/anotherdisk/sda.img of=/dev/sda).

The SSD contains a small boot partition and an encrypted luks partition with lvm, which then contains two partitions (root and home). From a live distro (SystemResqueCD) a can access the boot partition but not the encyrpted one. When running `cryptsetup luksOpen /dev/sda2 crypt` i get 'Device /dev/sda2 is not a valid LUKS device.'.

Output from parted is

Code:

parted /dev/sda
GNU Parted 3.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA KINGSTON SV200S3 (scsi)
Disk /dev/sda: 128GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name              Flags
 3      1049kB  2097kB  1049kB                                 bios_grub
 1      2097kB  135MB   133MB   ext2         Linux filesystem       <-- this is my boot partition
 2      135MB   128GB   128GB                Linux filesystem       <-- this is the encrypted partition

Not sure where the problem is, thank for any help.

rknichols · 04-18-2014, 11:07 AM

That is not a good sign. By any chance was this a system that had been running for a long time without being rebooted prior to the time you shut it down and made the image? A system can, unfortunately, run for a long time with a corrupted LUKS header, and you don't find out about the problem until the next time you try to unlock the container.

Let's see what it looks like. Please post the output from "file -s /dev/sda2" and from "dd if=/dev/sda2 count=1 | hexdump -C".

vodajs · 04-18-2014, 12:13 PM

No, I restart regularly. Today morning I started it, then shut down, booted SystemRescueCd and made the image. When i tried to boot from that disk, grub was working, but after selecting linux the computer restarted, Tried adding verbose and debug options to the kernel, but didn't show anything else. I have made backup of all my partitins (boot, root and home) using tar, so if this fails i can start with a new installation.

Tried creatin a new encrypted partition and both root and home partitions and restoring data from the tar archves, but the boot process ended the same way - isn't reinstaling grub or regenerating initrd requiered?

Restoring the image again, will post the result of those command when its done. If it's needed, I am running Debian testing.

Thanks for your help.

vodajs · 04-18-2014, 12:41 PM

output of commands:

Code:

# file -s /dev/sda2
/dev/sda2: LUKS encrypted file, ver 1 [aes, cbc-essiv:sha256, sha1] UUID: 2e217d23-328d-4cab-8aa3-52716af5ca96
# dd if=/dev/sda2 count=1 | hexdump -C
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.000392519 s, 1.3 MB/s
00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  63 62 63 2d 65 73 73 69  |........cbc-essi|
00000030  76 3a 73 68 61 32 35 36  00 00 00 00 00 00 00 00  |v:sha256........|
00000040  00 00 00 00 00 00 00 00  73 68 61 31 00 00 00 00  |........sha1....|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 20 00 00 00 00 20  |.......... .... |
00000070  99 15 82 5c bd 9e 21 4e  35 5e d6 c5 c1 86 91 d5  |...\..!N5^......|
00000080  7d 30 a6 b2 41 61 8d 39  07 a5 e4 99 1f 94 79 59  |}0..Aa.9......yY|
00000090  bd 9b 6e 71 8c 28 3c 18  bc 8b 2a c3 c5 a6 3b b4  |..nq.(<...*...;.|
000000a0  33 d9 d7 a7 00 00 a3 16  32 65 32 31 37 64 32 33  |3.......2e217d23|
000000b0  2d 33 32 38 64 2d 34 63  61 62 2d 38 61 61 33 2d  |-328d-4cab-8aa3-|
000000c0  35 32 37 31 36 61 66 35  63 61 39 36 00 00 00 00  |52716af5ca96....|
000000d0  00 ac 71 f3 00 02 8e 40  f7 11 ca 26 14 25 c2 6b  |..q....@...&.%.k|
000000e0  a1 10 22 65 f5 a0 dc b0  9a a4 14 d7 94 d1 ae 0b  |.."e............|
000000f0  2f d3 54 9d da 1a 11 f3  00 00 00 08 00 00 0f a0  |/.T.............|
00000100  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 01 08 00 00 0f a0  |................|
00000130  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 02 08 00 00 0f a0  |................|
00000160  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 03 08 00 00 0f a0  |................|
00000190  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 04 08 00 00 0f a0  |................|
000001c0  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 05 08 00 00 0f a0  |................|
000001f0  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000200

rknichols · 04-18-2014, 05:40 PM

That is a completely valid LUKS header with one enabled key slot. I can't imagine why you would get a "not a valid LUKS device" error.

When I take that same data, put it at the beginning of a partition on a USB stick, plug that USB stick into a machine running SystemRescueCD, and try to open it, it is recognized as a LUKS container and I am prompted for a password (which of course is never going to work since there is no key material present).

Code:

# cryptsetup luksDump /dev/sdd1
LUKS header information for /dev/sdd1

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	8192
MK bits:       	256
MK digest:     	99 15 82 5c bd 9e 21 4e 35 5e d6 c5 c1 86 91 d5 7d 30 a6 b2 
MK salt:       	41 61 8d 39 07 a5 e4 99 1f 94 79 59 bd 9b 6e 71 
               	8c 28 3c 18 bc 8b 2a c3 c5 a6 3b b4 33 d9 d7 a7 
MK iterations: 	41750
UUID:          	2e217d23-328d-4cab-8aa3-52716af5ca96

Key Slot 0: ENABLED
	Iterations:         	167488
	Salt:               	f7 11 ca 26 14 25 c2 6b a1 10 22 65 f5 a0 dc b0 
	                      	9a a4 14 d7 94 d1 ae 0b 2f d3 54 9d da 1a 11 f3 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Nothing wrong there. Looks fine. Perhaps that drive is not "/dev/sda" when you are running SystemRescueCD.

vodajs · 04-19-2014, 02:35 AM

Not sure what's different, but today it is working fine. I guess something must have gone wrong during the first `dd` restore. Thanks for your time.