[dm-crypt] Detached header offset

[dm-crypt] Detached header offset

[7heo]

Hey all,

I assumed that there was on option to give the offset of the header on a 
disk, but this option is only accepted for loopaes and plain devices, 
according to the man.

There's another option to give an offset, for the key-file, but as far 
as I could understand, this is for the offset of the key slots 
relatively to the start of the partition they're on.

Also --align-payload only works on the data.

So is there a way to place a detached header arbitrarily on a disk, and 
not at the start of a partition?

Best regards,
Theo.

Re: [dm-crypt] Detached header offset

[Milan Broz]

On 04/13/2017 12:18 PM, 7heo wrote:
> Hey all,
> 
> I assumed that there was on option to give the offset of the header on a 
> disk, but this option is only accepted for loopaes and plain devices, 
> according to the man.

Neither loopaes nor plain device use header. Where do you see this?

> There's another option to give an offset, for the key-file, but as far 
> as I could understand, this is for the offset of the key slots 
> relatively to the start of the partition they're on.
> 
> Also --align-payload only works on the data.

All offsets works only for data.

> So is there a way to place a detached header arbitrarily on a disk, and 
> not at the start of a partition?

No. LUKS1 offset always starts at sector 0.
All tools like blkid search for header at this location, you cannot
arbitrarily change offset.

You can only set data payload offset to 0 if detached header is used
(it means that no header is on the data device itself.)

Milan

Re: [dm-crypt] Detached header offset

[Robert Nichols]

On 04/13/2017 05:18 AM, 7heo wrote:
>
> So is there a way to place a detached header arbitrarily on a disk, and not at the start of a partition?

It's not supported within cryptsetup, but you can always use "losetup" to create a loop device starting at the needed offset and then specify that loop device as the detached header:

     Loopdev=$(losetup -f --show -o 65536 /dev/{whatever}
     cryptsetup luksOpen --header $Loopdev ...
     losetup -d $Loopdev

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

Re: [dm-crypt] Detached header offset

[Arno Wagner]

Hi Theo,

since it is a detached header, you could probably do a mapping 
to file from the raw sectors, using losetup like this

  losetup -o offset --sizelimit <header size>  /dev/loop0 <dev_raw_disk>

and then use that as the file-argument for the detached header.

I would say that this is exceedingly "hackish" and probably 
asking for a lot of potentially painful problems.

You could probably also (even worse idea) use LVM to combine 
the sectors for the header and the ones for the data into a 
complete LUKS device (i.e. no detached header in the final thing).

Regards,
Arno


On Thu, Apr 13, 2017 at 12:18:08 CEST, 7heo wrote:
> Hey all,
> 
> I assumed that there was on option to give the offset of the header on a
> disk, but this option is only accepted for loopaes and plain devices,
> according to the man.
> 
> There's another option to give an offset, for the key-file, but as far as I
> could understand, this is for the offset of the key slots relatively to the
> start of the partition they're on.
> 
> Also --align-payload only works on the data.
> 
> So is there a way to place a detached header arbitrarily on a disk, and not
> at the start of a partition?
> 
> Best regards,
> Theo.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier