0

I just encrypted an ext4 partition of my external hard drive with the following command:

sudo cryptsetup reencrypt --encrypt /dev/sda2 --reduce-device-size 16MiB -N

This finished successfully, if I try to run that again it says:

Device /dev/sda2 is already LUKS device. Aborting operation.

So far so good. Now let's try to open the luks partition:

sudo cryptsetup luksOpen /dev/sda2 mediamapthing

This works. However when I run this:

sudo mount /dev/mapper/mediamapthing /media/media

I get this error:

mount: /media/media: special device /dev/mapper/mediamapthing does not exist.

My guess is the first command borked my filesystem somehow (perhaps with --reduce-device-size), but I wonder if this is recoverable / I'm just running the wrong commands to mount it.

In dmesg I all I see is this:

[ 2260.777750] /dev/mapper/mediamapthing: Can't open blockdev

Which isn't super helpful.

I have nothing related to this drive in my fstab:

UUID=21c04bb1-7cf9-491c-82a2-57222bbf5fb0   /           ext4        rw,relatime 0 1
UUID=34a4e502-bd77-40e3-ace1-c1df54c531c3   /home           ext4        rw,relatime 0 1
UUID=B4A8-67EE          /boot       vfat        rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

More info:

$ sudo systemctl status dev-mapper-mediamapthing.device systemd-cryptsetup@mediamapthing
Unit [email protected] could not be found.
● dev-mapper-mediamapthing.device - /dev/mapper/mediamapthing
    Follows: unit currently follows state of sys-devices-virtual-block-dm\x2d0.device
     Loaded: loaded
     Active: active (plugged) since Tue 2022-11-01 12:21:49 PDT; 4min 46s ago
      Until: Tue 2022-11-01 12:21:49 PDT; 4min 46s ago
     Device: /sys/devices/virtual/block/dm-0

$ sudo dmsetup table
mediamapthing: 0 4334788608 crypt aes-xts-plain64 :64:logon:cryptsetup:1186f7eb-b29a-46b7-bd1d-c69446f53c47-d0 0 8:2 16384

$ sudo cryptsetup status /dev/mapper/mediamapthing
/dev/mapper/mediamapthing is active.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sda2
  sector size:  512
  offset:  16384 sectors
  size:    4334788608 sectors
  mode:    read/write

$ sudo cryptsetup luksDump /dev/sda2
LUKS header information
Version:        2
Epoch:          529153
Metadata area:  16384 [bytes]
Keyslots area:  8355840 [bytes]
UUID:           1186f7eb-b29a-46b7-bd1d-c69446f53c47
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
    offset: 8388608 [bytes]
    length: (whole device)
    cipher: <redacted>
    sector: 512 [bytes]

Keyslots:
  0: luks2
    Key:        512 bits
    Priority:   normal
    Cipher:     aes-xts-plain64
    Cipher key: 512 bits
    PBKDF:      argon2id
    Time cost:  7
    Memory:     1048576
    Threads:    4
    Salt:       <redacted>
    AF stripes: 4000
    AF hash:    sha256
    Area offset:32768 [bytes]
    Area length:258048 [bytes]
    Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
    Hash:       sha256
    Iterations: 142160
    Salt:       <redacted>
    Digest:     <redacted>

$ blkid
/dev/mapper/mediamapthing: LABEL="stuff" UUID="238b30f9-0f23-43b6-9ebe-8389943dd5fb" BLOCK_SIZE="4096" TYPE="ext4"

$ file -sL /dev/mapper/* /dev/dm-*
/dev/mapper/mediamapthing: Linux rev 1.0 ext4 filesystem data, UUID=238b30f9-0f23-43b6-9ebe-8389943dd5fb, volume name "stuff" (errors) (extents) (64bit) (large files) (huge files)
/dev/dm-0:                 Linux rev 1.0 ext4 filesystem data, UUID=238b30f9-0f23-43b6-9ebe-8389943dd5fb, volume name "stuff" (errors) (extents) (64bit) (large files) (huge files)
Daniel Porteous
  • 481
  • 6
  • 16
  • This is all managed by systemd these days. Perhaps it has not noticed the partition changing from ext4 to luks. Look at `sudo systemctl status dev-mapper-X.device systemd-cryptsetup@X`, (where X is "mediamapthing") and if you can see some failures try stopping them, doing a `sudo systemctl daemon-reload`, then `reset-failed`, and `start` the units. – meuh Nov 01 '22 at 17:51
  • The lower level command to cryptsetup is `dmsetup`. If you see the mediamapthing when running `dmsetup table` that means it was mapped but something else failed somewhere else. – A.B Nov 01 '22 at 17:57
  • cryptsetup luksDump, cryptsetup status, ...? Did you shrink the filesystem first...? – frostschutz Nov 01 '22 at 17:59
  • I restarted my machine, so it shouldn't be the systemd issue. As for `dmsetup table`, it is there, I updated the question with that info. I also added the output of the two `cryptsetup` commands. I did not shrink the filesystem first, I (naively) assumed `--reduce-device-size` would do this for me. – Daniel Porteous Nov 01 '22 at 19:24
  • ext4 will probably complain about bad geometry then… check the error message again? if it keeps saying Can't open blockdev, is the device and filesystem found at all in `file -sL /dev/mapper/* /dev/dm-*` or `blkid`? – frostschutz Nov 01 '22 at 20:13
  • Updated the question with the outputs of those commands. There does seem to be a problem there. – Daniel Porteous Nov 01 '22 at 20:30
  • In the end I was able to just decrypt the drive and all the data was still there. I followed the instructions here to downgrade from LUKS2 to LUKS1 and then decrypt: https://unix.stackexchange.com/a/606231/194119. I'll leave this as a comment though and not an answer since I still don't know how to resolve the original problem. – Daniel Porteous Dec 08 '22 at 09:32

0 Answers0