encrypted partition works in lucid, not maverick

Bug #622762 reported by Serge Hallyn
32
This bug affects 4 people
Affects Status Importance Assigned to Milestone
cryptsetup
Invalid
Undecided
Unassigned

Bug Description

I created a backup on external USB disk in lucid:

   cryptsetup create home-backup /dev/sdb1
   mkfs.ext4 -L home-backup /dev/mapper/home-backup
   rsync (...)

Then I upgraded the laptop to maverick, and tried to
remount the disk. But I get:
    EXT4-fs (dm-0): bad geometry: block count 3702762854 exceeds size of device (5245222 blocks)

Then I installed a lucid-server kvm VM and passed the external
usb disk to it. There, I can mount the encrypted partition!

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Note, I've repeated the experiment (starting from the lucid VM) using
xfs, so this is not an ext4 bug.

Revision history for this message
Colin Watson (cjwatson) wrote :

Does this have anything to do with this entry in /usr/share/doc/cryptsetup/NEWS.Debian.gz?

  The default key size for LUKS was changed from 128 to 256 bits, and default
  plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256.
  In case that you use plain mode encryption and don't have set cipher and hash
  in /etc/crypttab, you should do so now. The new defaults are not backwards
  compatible. See the manpage for crypttab(5) for further information. If your
  dm-crypt setup was done by debian-installer, you can ignore that warning.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 622762] Re: encrypted partition works in lucid, not maverick

Quoting Colin Watson (<email address hidden>):
> Does this have anything to do with this entry in
> /usr/share/doc/cryptsetup/NEWS.Debian.gz?
>
> The default key size for LUKS was changed from 128 to 256 bits, and default
> plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256.
> In case that you use plain mode encryption and don't have set cipher and hash
> in /etc/crypttab, you should do so now. The new defaults are not backwards
> compatible. See the manpage for crypttab(5) for further information. If your
> dm-crypt setup was done by debian-installer, you can ignore that warning.

Steve also suggested last night that this might be it, and I suspect you're
right. I will test when I get back home this weekend.

thanks,
-serge

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks, Colin. I was able to mount the fs after doing:

cryptsetup -c aes-cbc-plain create h /dev/sdb1

I'm not sure whether we should recommend this for release notes, or whether
it's something where I should have known where to look (NEWS.Debian.gz)?
The latter sounds not-unlikely.

Changed in cryptsetup:
status: New → Invalid
Revision history for this message
Antonio Costantino (anto-costantino) wrote :

It is not clear to me if this affect also boot partitions... I mean, my disk is fully encrypted with LUKS, should I upgrade it will not boot?!

Revision history for this message
Sebastian Thürrschmidt (thuerrschmidt) wrote :

Antonio, don't worry about your LUKS encrypted system, it will boot just fine without any modifications. I've had no LUKS-related problems of any kind while upgrading my three fully encrypted systems to Maverick. I can also access my external hard disks, which I set up for encryption in older Ubuntu releases, using "cryptsetup luksOpen" and "mount" as before. I guess this issue simply isn't about LUKS and stuff.

Revision history for this message
Peggys Mouse (peggysmouse) wrote :

how can i tell if this issue affects me? i want to upgrade from 10.4 to 10.10. i have a partitioned /home directory. i don't want to upgrade if it means i'll loose my /home data or perhaps not be able to log in.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.