Tuxedo
2018-08-31 20:06:11 UTC
Having set up an extended partition as detailed in my 'Pre LUKS and LVM
setup' post a bit earlier I understand that the next step is to encrypt the
extended partition which so far has unallocated space onto where the LVMs
should be added after the cryptsetup procedure.
So I loaded the latest Slackware media, being the current 12.2 64 bit ISO
from AlienBob. I skipped writing random data to the partition due to the SSD
media as discussed at https://docs.slackware.com/howtos:hardware:ssd
I then ran:
***@slackware:/# cryptsetup -s 256 -y LuksFormat /dev/nvme0n1p3
However, after entering a passphrase, the following error happened:
Cannot wipe header on device /dev/nvme0n1p3
I do the same again with the --debug flag, which gave a verbose output:
***@slackware:/# cryptsetup --debug -s 256 -y LuksFormat /dev/nvme0n1p3
WARNING!
========
This will overwrite data on /dev/nvme0n1p3 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/nvme0n1p3 context.
# Trying to open and read device /dev/nvme0n1p3 with direct-io.
# Initialising device.mapper backend library.
# Timeout set to 0 milliseconds.
# Iteration time set to 2000 milliseconds.
# Interactive passphrase entry requested.
Enter passphrase: ****
Verify passphrase: ****
# Formatting device /dev/nvme0n1p3 as type LUKS1
# Crypto backend (gcrypt 1.8.3) initialised in cryptosetup library version
1.7.5.
# Detected kernel Linux .4.14.67 x_86_64.
# Topology: IO (512/0), offset = 0; required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain-64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Generating LUKS header version 1 using hash sha256, aes, xts-plain64, mk
32 bytes
# KDF pbkdf2, hash sah256, UUID 854acbec-b6ef-4ee5-85ba-56a728476f59, digest
iterations 408750
Cannot wipe header on device /dev/nvme0n1p3.
# Releasing crypt device /dev/nvme0n1p3 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error
***@slackware:/#
Maybe the partitions are not set up properly?
As tested before, running 'gdisk /dev/nvme0n1' returns various errors:
***@slackware:/# gdisk /dev/nvme0n1
GPT fdisk (gdisk) version 1.0.4
EBR signature for logical partition invalid; read 0x0000, but should be
0xAA55
Error reading logical partitions! List may be truncated!
Partition table scan;
MBR: MBR only
BSD: not present
APM: not present
GPT: not present
*********************************************************
Found invalid GPT and valid MBR: converting to GPT format
in memory: THIS OPERATION ISN POTENTIALLY DESTRUCTIVE!
Exit by typing 'q' if you don't want to convert your
MBR partitions to GPT format!
********************************************************
Again, I did not proceed with converting the MBR to GPT, as I'm not sure
what it is and if it's the right thing to do?
Anyone has some tips what else I can try in proceeding with cryptsetup?
Tuxedo
setup' post a bit earlier I understand that the next step is to encrypt the
extended partition which so far has unallocated space onto where the LVMs
should be added after the cryptsetup procedure.
So I loaded the latest Slackware media, being the current 12.2 64 bit ISO
from AlienBob. I skipped writing random data to the partition due to the SSD
media as discussed at https://docs.slackware.com/howtos:hardware:ssd
I then ran:
***@slackware:/# cryptsetup -s 256 -y LuksFormat /dev/nvme0n1p3
However, after entering a passphrase, the following error happened:
Cannot wipe header on device /dev/nvme0n1p3
I do the same again with the --debug flag, which gave a verbose output:
***@slackware:/# cryptsetup --debug -s 256 -y LuksFormat /dev/nvme0n1p3
WARNING!
========
This will overwrite data on /dev/nvme0n1p3 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/nvme0n1p3 context.
# Trying to open and read device /dev/nvme0n1p3 with direct-io.
# Initialising device.mapper backend library.
# Timeout set to 0 milliseconds.
# Iteration time set to 2000 milliseconds.
# Interactive passphrase entry requested.
Enter passphrase: ****
Verify passphrase: ****
# Formatting device /dev/nvme0n1p3 as type LUKS1
# Crypto backend (gcrypt 1.8.3) initialised in cryptosetup library version
1.7.5.
# Detected kernel Linux .4.14.67 x_86_64.
# Topology: IO (512/0), offset = 0; required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain-64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Generating LUKS header version 1 using hash sha256, aes, xts-plain64, mk
32 bytes
# KDF pbkdf2, hash sah256, UUID 854acbec-b6ef-4ee5-85ba-56a728476f59, digest
iterations 408750
Cannot wipe header on device /dev/nvme0n1p3.
# Releasing crypt device /dev/nvme0n1p3 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error
***@slackware:/#
Maybe the partitions are not set up properly?
As tested before, running 'gdisk /dev/nvme0n1' returns various errors:
***@slackware:/# gdisk /dev/nvme0n1
GPT fdisk (gdisk) version 1.0.4
EBR signature for logical partition invalid; read 0x0000, but should be
0xAA55
Error reading logical partitions! List may be truncated!
Partition table scan;
MBR: MBR only
BSD: not present
APM: not present
GPT: not present
*********************************************************
Found invalid GPT and valid MBR: converting to GPT format
in memory: THIS OPERATION ISN POTENTIALLY DESTRUCTIVE!
Exit by typing 'q' if you don't want to convert your
MBR partitions to GPT format!
********************************************************
Again, I did not proceed with converting the MBR to GPT, as I'm not sure
what it is and if it's the right thing to do?
Anyone has some tips what else I can try in proceeding with cryptsetup?
Tuxedo