Possible issue with LUKS setup and LVM

Project Discussion
1

Hello all,

I setup a LUKS encrypted partition using Kickstart as follows:

text
logvol /home2/ --encrypted --vgname=vg_data --name=local1 --fstype="ext4" --grow --size=32768 --fsoptions="noatime,max_batch_time=0"

The OS asks me for the password after reboot (I’m using Fedora 29) and boots normally. If I check for the partition types I do see than the OS thinks the partition is encrypted:

[root@X ~]# blkid |egrep crypto_LUKS
/dev/mapper/vg_data-home2: UUID="666-6a07-4bb7-b059-f11b3168ef3d" TYPE="crypto_LUKS"

lsblk seems to agree:

[root@X ~]# lsblk
NAME                                            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                               8:0    0 279.4G  0 disk  
├─sda1                                            8:1    0   512M  0 part  /boot
└─sda2                                            8:2    0 278.9G  0 part  
  ├─vg_root-root                                253:0    0    32G  0 lvm   /
  ├─vg_root-swap                                253:1    0     4G  0 lvm   [SWAP]
  ├─vg_root-apps                                253:3    0 226.9G  0 lvm   /apps
  └─vg_root-var                                 253:4    0    16G  0 lvm   /var
sdb                                               8:16   0   1.1T  0 disk  
└─sdb1                                            8:17   0   1.1T  0 part  
  └─vg_data-home2                              253:2    0   1.1T  0 lvm   
    └─luks-666-6a07-4bb7-b059-f11b3168ef3d 253:5    0   1.1T  0 crypt /home2

But if I ask LUKS directly (cryptsetup isLuks /dev/mapperluks-666-6a07-4bb7-b059-f11b3168ef3d) if is a encrypted partition I get an error:

Device /dev/mapperluks-67399c02-6a07-4bb7-b059-f11b3168ef3d doesn't exist or access denied.

‘cryptsetup isLuks /dev/mapperluks-666-6a07-4bb7-b059-f11b3168ef3d’ returns 1 which means is not a LUKS encrypted device.

Any ideas what I could be doing wrong? I can provide more details if needed.

Thanks!

1 Like
2

It seems you have lost a slash, because /dev/mapper is a directory.

3

Hello,

Was a bad copy and paste but device is mounted as:

/dev/mapper/luks-666-6a07-4bb7-b059-f11b3168ef3d
1 Like
5

Hi,

As I mentioned before this returns false:

[root@nyxlabavt-4 ~]# cryptsetup isLuks /dev/mapper/luks-666-6a07-4bb7-b059-f11b3168ef3d; echo $?
1

Man page says:
sLuks 

returns true, if <device> is a LUKS partition. Otherwise, false.

Thanks.

1 Like
6

You need to query the parent device like this:

$ lsblk 
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sr0                                            11:0    1 1024M  0 rom   
vda                                           252:0    0   20G  0 disk  
├─vda1                                        252:1    0    1G  0 part  /boot
└─vda2                                        252:2    0   19G  0 part  
  └─luks-c4bfc579-3aae-465f-b969-47547e379449 253:0    0   19G  0 crypt 
    ├─fedora-root                             253:1    0   17G  0 lvm   /
    └─fedora-swap                             253:2    0    2G  0 lvm   [SWAP]

$ sudo cryptsetup isLuks /dev/vda2; echo ${?}
0

So, /dev/mapper/luks-* is a volume inside the LUKS.

In your case, it should be:

sudo cryptsetup isLuks /dev/mapper/vg_data-home2
7

Hello vgaetera,

Yes!. I was polling the wrong device. In my case:

[root@nyxlabavt-4 ~]# lsblk 
NAME                                            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                               8:0    0 279.4G  0 disk  
├─sda1                                            8:1    0   512M  0 part  /boot
└─sda2                                            8:2    0 278.9G  0 part  
  ├─vg_root-root                                253:0    0    32G  0 lvm   /
  ├─vg_root-swap                                253:1    0     4G  0 lvm   [SWAP]
  ├─vg_root-apps                                253:3    0 226.9G  0 lvm   /apps
  └─vg_root-var                                 253:4    0    16G  0 lvm   /var
sdb                                               8:16   0   1.1T  0 disk  
└─sdb1                                            8:17   0   1.1T  0 part  
  └─vg_data-home2                             253:2    0   1.1T  0 lvm   
    └─luks-666-6a07-4bb7-b059-f11b3168ef3d 253:5    0   1.1T  0 crypt /home2

If I ask now for /dev/mapper/vg_data-home2

[root@nyxlabavt-4 ~]# cryptsetup isLuks /dev/mapper/vg_data-home2; echo ${?}
0

Thanks for your help!

1 Like