Back to bug 1030288
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ondrej Kozina | 2013-11-14 09:55:23 UTC | Status | NEW | ASSIGNED |
| | | Assignee | lvm-team | okozina |
| Ondrej Kozina | 2013-11-14 10:11:56 UTC | Priority | unspecified | medium |
| | | Severity | unspecified | medium |
| Ondrej Kozina | 2013-11-14 12:50:19 UTC | Blocks | 1029406 | |
| Alasdair Kergon | 2013-11-14 14:00:34 UTC | CC | gmazyland | |
| Ondrej Kozina | 2013-11-18 18:18:16 UTC | Summary | cryptsetup-reencrypt doesn't work when last keyslot is active | Trying to read keyslot 7 from external header file fails with error device too small |
| Ondrej Kozina | 2013-11-22 09:22:43 UTC | Status | ASSIGNED | POST |
| Ondrej Kozina | 2013-11-29 11:14:48 UTC | Doc Text | Cause: Cryptsetup library does not align the backup header stored in regular file to system page size (4KiB). This will fail internal check in library for correct header size if you try to load last (7) keyslot from backup header. Consequence: 1) cryptsetup luksOpen --header /path/to/hdr_file -S 7 /dev/device fails (supposing keyslot 7 is active) 2) cryptsetup-reencrypt /dev/device fails (if keyslot 7 is active) Workaround (if any): For failure described in item 1): The simplest solution is to disable keyslot 7. If disabling keyslot 7 is not an option for you, you can create loop device over such header file (losetup -f /path/to/hdr_file) and pass newly created loop device to --header option in cryptsetup luksOpen command. For failure described in item 2): Disable keyslot 7. In both workarounds before, if you consider disabling keyslot 7, first reassure yourself that after disabling keyslot 7 there will remain at least one active keyslot that you know password for or you will render you luks device unusable. | |
| | | Doc Type | Bug Fix | Known Issue |
| Milan Navratil | 2013-12-04 16:48:01 UTC | CC | mnavrati | |
| | | Doc Text | Cause: Cryptsetup library does not align the backup header stored in regular file to system page size (4KiB). This will fail internal check in library for correct header size if you try to load last (7) keyslot from backup header. Consequence: 1) cryptsetup luksOpen --header /path/to/hdr_file -S 7 /dev/device fails (supposing keyslot 7 is active) 2) cryptsetup-reencrypt /dev/device fails (if keyslot 7 is active) Workaround (if any): For failure described in item 1): The simplest solution is to disable keyslot 7. If disabling keyslot 7 is not an option for you, you can create loop device over such header file (losetup -f /path/to/hdr_file) and pass newly created loop device to --header option in cryptsetup luksOpen command. For failure described in item 2): Disable keyslot 7. In both workarounds before, if you consider disabling keyslot 7, first reassure yourself that after disabling keyslot 7 there will remain at least one active keyslot that you know password for or you will render you luks device unusable. | The cryptsetup library does not align the backup header stored in the regular file to the system page size (4KiB). When trying to load the last (7) keyslot from the backup header, the internal check in the library for the correct header fails. As a consequence, if keyslot 7 is active, running the following command fails: cryptsetup luksOpen --header /path/to/hdr_file -S 7 /dev/device To work around this problem, disabling keyslot 7 is the simplest solution. If disabling keyslot 7 is not a viable option, create a loop device over such a header file by running the following command: losetup -f /path/to/hdr_file. Then, pass the newly created loop device to the --header option in the cryptsetup luksOpen command. In addition, running the following command fails: cryptsetup-reencrypt /dev/device To work around this problem, disable keyslot 7. Note: Before you disable keyslot 7, make sure that there is at least one remaining active keyslot that you know password for. Otherwise, the LUKS device becomes unusable. |
| Pavel Holica | 2013-12-17 09:42:35 UTC | CC | pholica | |
| Ondrej Kozina | 2014-01-10 12:13:12 UTC | Status | POST | MODIFIED |
| | | Fixed In Version | cryptsetup-1.6.3-1.el7 | |
| errata-xmlrpc | 2014-01-13 09:03:40 UTC | Status | MODIFIED | ON_QA |
| Peter Kotvan | 2014-01-30 11:56:18 UTC | Status | ON_QA | VERIFIED |
| | | CC | pkotvan | |
| Milan Navratil | 2014-01-30 11:58:08 UTC | CC | mnavrati | |
| Ludek Smid | 2014-06-13 10:44:10 UTC | Status | VERIFIED | CLOSED |
| | | Resolution | --- | CURRENTRELEASE |
| | | Last Closed | 2014-06-13 06:44:10 UTC | |
| Pavel Najman | 2021-09-06 15:04:21 UTC | Pool ID | sst_platform_storage_rhel_7 | sst_logical_storage_rhel_7 |