cryptsetup and how to create luks partiton?

Mon, 27 Jul 2009 04:10:43 -0700 

Hi,

recently live-helpers was corrected for cryptsetup calls for persistency
on luks.

http://git.debian.net/?p=debian-live/live-initramfs.git;a=commit;h=d6df808045a033b717c2a9a903ed4f9cbb7c67a4

I was trying to use this feature but I was getting the following error:

/lib/cryptsetup/askpass Enter passphrase for live-rw on /dev/mapper/hda1:
/sbin/cryptsetup -T 1 luksOpen /dev/mapper/hda1 hda1 --key-file=-
Error: incorrect number of arguments
Usage: /lib/cryptsetup/askpass PROMPT

A -> | <- is missing between askpass and cryptsetup commands:

/lib/cryptsetup/askpass "Enter passphrase for ${pers_label} on ${devname}:
" | /sbin/cryptsetup -T 1 luksOpen ${devname} $(basename ${devname})
--key-file=-

Tested and confirmed. Now the passphrase is asked. But I still can't get
to open the luks partition.

How I created the luks partiton:

mkfs.ext2 -L home-rw /dev/hda1
cryptsetup luksFormat /dev/hda1
cryptsetup luksOpen /dev/hda1 home-rw
mkfs.ext2 -L home-rw /dev/mapper/home-rw
cryptsetup luksClose /dev/mapper/home-rw

Is this the correct way? How should I create it? I tried to use
'cryptsetup create' but the partition wasn't found.

The partition is labeled home-rw but I'm asked for a passphrase for
live-rw, home-rw, live-sn and home-sn and everytime it fails with:

Enter passphrase for live-rw on /dev/hda1:
There was an error decrypting /dev/mapper/hda1 ... Retry? [Y/n]
Command failed: No key available with this passphrase.

n
Enter passphrase for home-rw on /dev/hda1:
There was an error decrypting /dev/mapper/hda1 ... Retry? [Y/n]
Command failed: No key available with this passphrase.

n
...

But after booting I can open the luks partition with the command that
live-helpers should be running:

# /lib/cryptsetup/askpass "Prompt " | /sbin/cryptsetup -T 1 luksOpen
/dev/hda1 hda1 --key-file=-
Prompt
[  412.387784] padlock: VIA PadLock not detected.
[  412.461262] padlock: VIA PadLock Hash Engine not detected.
key slot 0 unlocked.
Command successful.
# mount /dev/mapper/hda1 /home
#

Attached is the debug mode live.log with persistent boot option using that
partition.

(note: in debug mode the user can't see anything. I've typed the
passphrase and then 'n' to not retry in the four times it asks for the
passphrase)

TIA

Rui M. P. Bernardo

Attachment: live.encrypted.log.tar.gz
Description: GNU Zip compressed data

Reply via email to