From: Ondrej Kozina <okozina@redhat.com>
To: michael@kjorling.se
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup-reencrypt fails after converting a LUKS1 volume to LUKS2
Date: Thu, 2 Aug 2018 11:44:30 +0200 [thread overview]
Message-ID: <d6bc219c-d7d4-3feb-b591-a775c34ebd32@redhat.com> (raw)
In-Reply-To: <20180802092832.GA16707@h-174-65.A328.priv.bahnhof.se>
On 08/02/2018 11:28 AM, Michael Kjörling wrote:
> On 2 Aug 2018 11:20 +0200, from okozina@redhat.com (Ondrej Kozina):
>> Ok, I know what's wrong. The convert action works as expected and
>> there's nothing wrong with data offset. The issue is
>> cryptsetup-reencrypt utility currently can't handle setup where
>> existing LUKS2 header, on a device you're about to reencrypt is
>> different size from default LUKS2 header size which is 4MiBs
>> currently. The converted header is as you wrote 2MiBs.
>
> Sounds to me like that should be easy enough to add an early check and
> specific error message for. Even if the error is just something like
> "this container cannot be converted to LUKS2 because of header size
> mismatch, no changes made", it's far better than erroring out with a
> scary error message. cryptsetup-reencrypt is scary enough as it is.
>
In my reproducer, the data were not damaged and I think neither were in
Ingo's case (but can't speak for him). In fact, cryptsetup library
behaved correctly and identified the mismatch. It's exactly just missing
error message in cryptsetup-reencrypt as you pointed out. The
reencryption stopped while creating header backups so no harm done (in
my case). But let me think about it for some time yet.
O.
next prev parent reply other threads:[~2018-08-02 9:44 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-02 8:16 [dm-crypt] cryptsetup-reencrypt fails after converting a LUKS1 volume to LUKS2 Ingo Franzki
2018-08-02 8:52 ` Ondrej Kozina
2018-08-02 9:20 ` Ondrej Kozina
2018-08-02 9:28 ` Michael Kjörling
2018-08-02 9:44 ` Ondrej Kozina [this message]
2018-08-02 10:38 ` Ingo Franzki
2018-08-02 10:56 ` Ondrej Kozina
2018-08-02 13:05 ` Ondrej Kozina
2018-08-02 13:42 ` Ingo Franzki
2018-08-02 14:24 ` Ondrej Kozina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d6bc219c-d7d4-3feb-b591-a775c34ebd32@redhat.com \
--to=okozina@redhat.com \
--cc=dm-crypt@saout.de \
--cc=michael@kjorling.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.