encrypted partition works in lucid, not maverick

Bug #622762 reported by Serge Hallyn on 2010-08-23
32
This bug affects 4 people
Affects Status Importance Assigned to Milestone
cryptsetup
Undecided
Unassigned

Bug Description

I created a backup on external USB disk in lucid:

   cryptsetup create home-backup /dev/sdb1
   mkfs.ext4 -L home-backup /dev/mapper/home-backup
   rsync (...)

Then I upgraded the laptop to maverick, and tried to
remount the disk. But I get:
    EXT4-fs (dm-0): bad geometry: block count 3702762854 exceeds size of device (5245222 blocks)

Then I installed a lucid-server kvm VM and passed the external
usb disk to it. There, I can mount the encrypted partition!

Serge Hallyn (serge-hallyn) wrote :

Note, I've repeated the experiment (starting from the lucid VM) using
xfs, so this is not an ext4 bug.

Colin Watson (cjwatson) wrote :

Does this have anything to do with this entry in /usr/share/doc/cryptsetup/NEWS.Debian.gz?

  The default key size for LUKS was changed from 128 to 256 bits, and default
  plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256.
  In case that you use plain mode encryption and don't have set cipher and hash
  in /etc/crypttab, you should do so now. The new defaults are not backwards
  compatible. See the manpage for crypttab(5) for further information. If your
  dm-crypt setup was done by debian-installer, you can ignore that warning.

Quoting Colin Watson (<email address hidden>):
> Does this have anything to do with this entry in
> /usr/share/doc/cryptsetup/NEWS.Debian.gz?
>
> The default key size for LUKS was changed from 128 to 256 bits, and default
> plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256.
> In case that you use plain mode encryption and don't have set cipher and hash
> in /etc/crypttab, you should do so now. The new defaults are not backwards
> compatible. See the manpage for crypttab(5) for further information. If your
> dm-crypt setup was done by debian-installer, you can ignore that warning.

Steve also suggested last night that this might be it, and I suspect you're
right. I will test when I get back home this weekend.

thanks,
-serge

Serge Hallyn (serge-hallyn) wrote :

Thanks, Colin. I was able to mount the fs after doing:

cryptsetup -c aes-cbc-plain create h /dev/sdb1

I'm not sure whether we should recommend this for release notes, or whether
it's something where I should have known where to look (NEWS.Debian.gz)?
The latter sounds not-unlikely.

Changed in cryptsetup:
status: New → Invalid

It is not clear to me if this affect also boot partitions... I mean, my disk is fully encrypted with LUKS, should I upgrade it will not boot?!

Antonio, don't worry about your LUKS encrypted system, it will boot just fine without any modifications. I've had no LUKS-related problems of any kind while upgrading my three fully encrypted systems to Maverick. I can also access my external hard disks, which I set up for encryption in older Ubuntu releases, using "cryptsetup luksOpen" and "mount" as before. I guess this issue simply isn't about LUKS and stuff.

Peggys Mouse (peggysmouse) wrote :

how can i tell if this issue affects me? i want to upgrade from 10.4 to 10.10. i have a partitioned /home directory. i don't want to upgrade if it means i'll loose my /home data or perhaps not be able to log in.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers