[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Weird encrypted filesystem problem.

Hash: SHA1

The Tuesday 2007-04-17 at 09:47 +0200, Ludwig Nussel wrote:

> Looks good
> >   nimrodel:~/bin/cryptsetup-legacy # mount /dev/mapper/foo a/
> >   mount: Function not implemented
> > 
> > I have no idea what function it is talking about... but as far as I know,,
> > I'm following your instructions.
> Hmm, no idea. Are you sure a/ is a directory? Any suspicious entry in
> /var/log/messages? Are you sure the device is not used by cryptoloop
> already?

Yes, a/ is a directory I made for the purpose as a second try. hdc can't 
be in use, as it is encrypted via the old method that doesn't work once 
there is another crypto partition/file active with the new method. Entries 
in log... not a single message in the kernel log, that one I looked. In 
messages I don't remember... I have to try again, I don't remember the 
exact time I tried, to look it up in the logs.

  nimrodel:~ # lsmod | grep dm_crypt
  nimrodel:~ # modprobe dm_crypt
  nimrodel:~ # lsmod | grep dm_crypt
  dm_crypt               12808  0 
  dm_mod                 62264  1 dm_crypt

  nimrodel:~ # mkdir foodir

I put the dvd in the drive at this moment, and gnome tries to automount, 
failing, of course:

  Apr 17 12:36:38 nimrodel kernel: FAT: invalid media value (0xde)
  Apr 17 12:36:38 nimrodel kernel: VFS: Can't find a valid FAT filesystem on dev hdc.
  Apr 17 12:36:38 nimrodel kernel: hfs: can't find a HFS filesystem on dev hdc.
  Apr 17 12:36:38 nimrodel kernel: MINIX-fs: blocksize too small for device
  Apr 17 12:36:38 nimrodel kernel: ReiserFS: hdc: warning: sh-2021: reiserfs_fill_super: can not find reiserfs on hdc
  Apr 17 12:36:39 nimrodel kernel: Unable to identify CD-ROM format.
  Apr 17 12:36:39 nimrodel kernel: VFS: Can't find ext3 filesystem on dev hdc.
  Apr 17 12:36:39 nimrodel kernel: VFS: Can't find an ext2 filesystem on dev hdc.


  nimrodel:~ # cryptsetup-twofishSL92 foo /dev/hdc
  Enter passphrase: 
  nimrodel:~ # 

The passphrase is accepted, and the dvd spins up. Nothing in kernel log, 
nothing in messages.

  nimrodel:~ # l /dev/mapper/
  total 0
  drwxr-xr-x  2 root root     80 Apr 17 12:38 ./
  drwxr-xr-x 11 root root   8220 Apr 17 12:38 ../
  lrwxrwxrwx  1 root root     16 Apr 17 02:07 control -> ../device-mapper
  brw-------  1 root root 253, 0 Apr 17 12:38 foo

  nimrodel:~ # mount /dev/mapper/foo foodir/
  mount: Function not implemented      <== takes some five seconds)
  nimrodel:~ # 

  nimrodel:~ # dmsetup info foo
  Name:              foo
  State:             ACTIVE
  Tables present:    LIVE
  Open count:        0
  Event number:      0
  Major, minor:      253, 0
  Number of targets: 1

  nimrodel:~ # dmsetup status foo
  0 9179136 crypt 

Nothing at all in the logs (and I have "KERNEL_LOGLEVEL=1" in 

Is there something I can do to expand info? How to know what that 
"Function not implemented" is refering to? Could it be that the mount 
program in 10.2 can not mount device-mapper things? Perhaps I could try 
with a plain dvd, if you tell me a procedure.

(I tried again with a intentionally wrong passphrase, and there is no 
complain; I don't like that).

The corresponding line in fstab for that dvd is:

  /dev/dvd    /mnt/dvd.crypta.x9      auto    ro,noauto,user,loop,encryption=twofishSL92

The filesystem is XFS. I can mount it once I umount the new style crypt 
partitions, or freshly after reboot. After copying over my files, I 
disable the sl92 mode by doing:
  rmmod loop_fish2 cryptoloop twofish

and then mount my new style partitions again. I did this yesterday, as I 
needed those files, and so I tested that the DVD was still ok. 

Today I tried with a different dvd.

> > I noticed that the compile.sh aplies dm-crypt-nulliv.diff, but there is
> > another file, 'cryptsetup-luks-1.0.4-loop_fish2_compat.diff' that is not
> > applied anywhere. Should I? If so, what to and how?
> That's a patch for cryptsetup. You only need it if you use the even
> older 160bit twofish encryption.

Ah, ok.

- -- 
       Carlos E. R.

Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76


To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx