1959739 – virt-v2v fails to open BitLocker disk with: BITLK devices with type 'encrypt-on-write' cannot be activated. (0)

Bug 1959739 - virt-v2v fails to open BitLocker disk with: BITLK devices with type 'encrypt-on-write' cannot be activated. (0)

Summary: virt-v2v fails to open BitLocker disk with: BITLK devices with type 'encrypt-...

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Enterprise Linux Advanced Virtualization
Classification:	Red Hat
Component:	virt-v2v
Sub Component:
Version:	8.5
Hardware:	x86_64
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.4
Assignee:	Richard W.M. Jones
QA Contact:	tingting zheng
Docs Contact:
URL:
Whiteboard:
Depends On:	1959055
Blocks:
TreeView+	depends on / blocked

Reported:	2021-05-12 09:12 UTC by mxie@redhat.com
Modified:	2021-08-17 10:10 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1959055
Environment:
Last Closed:	2021-08-17 10:10:30 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description mxie@redhat.com 2021-05-12 09:12:33 UTC

Clone the bug because can reproduce it on rhel8.5

Packcage versions:
virt-v2v-1.42.0-12.module+el8.5.0+10976+d40a93e9.x86_64
libguestfs-1.44.0-3.module+el8.5.0+10681+17a9b157.x86_64
libvirt-client-7.0.0-13.module+el8.4.0+10604+5608c2b4.x86_64
qemu-kvm-6.0.0-16.module+el8.5.0+10848+2dccc46d.x86_64
nbdkit-1.24.0-1.module+el8.4.0+9341+96cf2672.x86_64


+++ This bug was initially created as a clone of Bug #1959055 +++

Description of problem:
Virt-v2v can't find key when convert windows BitLocker guest on rhel9

Version-Release number of selected component (if applicable):
virt-v2v-1.44.0-1.el9.x86_64
libguestfs-1.45.2-4.el9.x86_64
guestfs-tools-1.46.0-1.el9.x86_64
nbdkit-1.25.4-2.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Prepare a windows guest whose disk is encrypted by Bitblocker on VMware, then convert the guest from VMware to rhv4.4 by v2v
#  virt-v2v -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 -it vddk -io vddk-libdir=/home/vddk7.0 -io  vddk-thumbprint=B5:52:1F:B4:21:09:45:24:51:32:56:F6:63:6A:93:5D:54:08:2D:78 -ip /home/passwd -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data -b ovirtmgmt esx7.0-win2019-ntfs-3g-bitblocker --key "/dev/sda2":file:windows-key 
[   0.8] Opening the source -i libvirt -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 esx7.0-win2019-ntfs-3g-bitblocker -it vddk  -io vddk-libdir=/home/vddk7.0 -io vddk-thumbprint=B5:52:1F:B4:21:09:45:24:51:32:56:F6:63:6A:93:5D:54:08:2D:78
[   3.6] Creating an overlay to protect the source from being modified
[   5.2] Opening the overlay
virt-v2v: could not find key to open LUKS encrypted /dev/sda2.

Try using --key on the command line.

Original error: cryptsetup_open: cryptsetup exited with status 1: BITLK devices with type 'encrypt-on-write' cannot be activated. (0)



Actual results:
As above description

Expected results:
Virt-v2v should can convert windows BitLocker guest since bug1808977 has been fixed

Additional info:

--- Additional comment from Richard W.M. Jones on 2021-05-10 16:40:46 UTC ---

We correctly run:

  cryptsetup -d /tmp/cryptabc37c.key open /dev/sda2 cryptsda2 --type bitlk

which fails with:

  BITLK devices with type 'encrypt-on-write' cannot be activated. (0)

This seems to be a problem with support for this guest by cryptsetup.
I think when you created the guest or set up BitLocker in the guest,
you may have selected the "Encrypt on Write" option.  (There is another
option to encrypt the whole disk).  Apparently cryptsetup or the kernel
does not support Encrypt on Write.  This may not be something that we
are able to solve.

https://gitlab.com/cryptsetup/cryptsetup/-/blob/c40be6cc7a830f95cbea336693bbcabd101df135/lib/bitlk/bitlk.c#L1209

Comment 1 Richard W.M. Jones 2021-05-12 09:57:57 UTC

This is unfortunately not supported by the kernel/cryptsetup.

Comment 3 mxie@redhat.com 2021-08-17 07:34:25 UTC

The error info has changed

Packages version:
virt-v2v-1.42.0-14.module+el8.5.0+11846+77888a74.x86_64
libguestfs-1.44.0-3.module+el8.5.0+10681+17a9b157.x86_64
libvirt-libs-7.6.0-1.module+el8.5.0+12097+2c77910b.x86_64
qemu-img-6.0.0-26.module+el8.5.0+12044+525f0ebc.x86_64
kernel-4.18.0-322.el8.x86_64


#  virt-v2v -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 -it vddk -io vddk-libdir=/home/vddk7.0 -io  vddk-thumbprint=B5:52:1F:B4:21:09:45:24:51:32:56:F6:63:6A:93:5D:54:08:2D:78 -ip /home/passwd -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data -b ovirtmgmt esx7.0-win2019-ntfs-3g-bitblocker --key "/dev/sda2":file:windows-key 
[   1.1] Opening the source -i libvirt -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 esx7.0-win2019-ntfs-3g-bitblocker -it vddk  -io vddk-libdir=/home/vddk7.0 -io vddk-thumbprint=B5:52:1F:B4:21:09:45:24:51:32:56:F6:63:6A:93:5D:54:08:2D:78
[   3.9] Creating an overlay to protect the source from being modified
[   5.7] Opening the overlay
[  22.4] Inspecting the overlay
[  29.5] Checking for sufficient free disk space in the guest
[  29.5] Estimating space required on target for each disk
[  29.5] Converting Windows Server 2019 Standard to run on KVM
virt-v2v: error: libguestfs error: blockdev_getsize64: 
blockdev_getsize64_stub: /dev/mapper/cryptsda: No such file or directory

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]

Comment 4 Richard W.M. Jones 2021-08-17 10:10:30 UTC

This is a different issue.  Can you clone this or open a new bug
for RHEL AV please.

I'm closing the current bug as CLOSED CANTFIX because encrypt on write
requires kernel or cryptsetup changes to support and is out of scope
of what we can reasonably do.

Note You need to log in before you can comment on or make changes to this bug.