LinuxQuestions.org - Issue locking the encrypted root partition on shutdown or reboot.

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - Issue locking the encrypted root partition on shutdown or reboot. (https://www.linuxquestions.org/questions/slackware-14/issue-locking-the-encrypted-root-partition-on-shutdown-or-reboot-4175598369/)

Issue locking the encrypted root partition on shutdown or reboot.

To check what I wrote in this article (in French but will soon be translated in English) I made an installation in a VirtualBox VM.

What worries me is that at shutdown or reboot I see this message repeated several times when trying to remount the root file system read-only:

Code:

device-mapper: remove ioctl on root failed: Device or resources busy

followed by

Code:

Device root is still in use

as shown in the attached pic.

My questions are:

May I assume that despite the last message the root LUKS volume has been safely enough locked, or could a smart attacker overcome the locking?
If there is a risk, what can I suggest to users to mitigate it?

Quote:

Originally Posted by Didier Spaier (Post 5660990)

What worries me is that at shutdown or reboot I see this message repeated several times when trying to remount the root file system read-only [...]

May I assume that despite the last message the root LUKS volume has been safely enough locked, or could a smart attacker overcome the locking?

I would not worry about data confidentiality. The hard disk is never "locked" or "unlocked" - It is encrypted all the time. Pages are decrypted on the fly, in RAM, when read from the disk.

If you remove the power line (or kill the VM) at any time during operation, The data on the disk is never left "decrypted" (assuming you use no swap or an encrypted swap).

On the other hand, there might be a problem of data integrity/corruption (although with a journaling file system, I wouldn't worry much).

HTH

Phil