[pkg-cryptsetup-devel] Bug#587222: Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it

Jonas Meurer jonas at freesources.org
Sun Jun 27 00:01:39 UTC 2010 

Hey again,

On 27/06/2010 Christoph Anton Mitterer wrote:
> On Sun, 2010-06-27 at 00:34 +0200, Jonas Meurer wrote:
> > To be honest, I don't like the idea of using the bug tracking system
> > as
> > a discussion archive. As maintainer, I like to keep the count of open
> > bugs against packages low. It's generally better to document
> > controversial topics in the package or at documentation pages.
> Well,... actually it is a bug,.. it's however probably not limited to
> Debian itself.
> 
> 
> > Maybe it's time to setup a cryptsetup wiki page at wiki.debian.org,
> > which documents all these discussion we have. I don't have the time to
> > maintain it, so feel free to setup, as long as mention all arguments,
> > and try to keep the documentation neutral ;-)
> Don't think that a wiki will help much, as it's a development issue,.. I
> guess that we have to bring all "affected" maintainers (at least
> lvm2,mdadm,dm-crypt) to one table.
> I was about to write an email to all you guys,... describing the problem
> in detail, and asking what everybody would like to do,... but I can of
> course skip you if you're currently not interested.
> 
> 
> > this is a real problem, and I'm glad that you started the discussion
> > at the linux kernel mailinglist. It would be great to fix the shutdown
> > process in debian in a way that all keys are wiped from memory.
> If you're glad I don't understand why you dislike this bug...

I don't dislike the bug, just the introduction "this is rather for the
records, than a real bug." But never mind, that's not important at all.

> > both init scripts tell you that the to-be-stopped dm-crypt device is
> > still busy. Just run '/etc/init.d/cryptdisks stop' on your running
> > system to see what happens:
> > 
> > Stopping early crypto disks...cswap1 (busy)...ctemp1 (busy)...clvm1
> > (busy)...done.
> Ah ok,.. I know why I didn't notice... it seems you don't let the
> initscript action fail, if some were still busy. lvm2 does,.. so I see
> the big red "failed" ;)
> 
> 
> > I think that this already became clear in the discussion: remount,ro
> > should be enough to prevent data loss. But it's not enough security
> > wise, as the dm-crypt key still is in memory.
> Yes....
> 
> 
> > Next cryptsetup package upload should fix the boot/halt order of
> > cryptdisks(-early) initscripts for non-root encryption. But I don't
> > know
> > a solution for encrypted root devices, and I've never heard about
> > haltramfs or something like that.
> I guess the best idea is if we discuss the security thingy for
> root-devices at lkml.
> 
> 
> May I propose, that if doing cryptdisks-[early] stop,... and some
> devices could not be stopped, you give an status of failure back.
> Then it will be more clear that this action has failed,... and I guess
> we can close this bug.

agreed, but only for cryptdisks-early. 'cryptdisks stop' is invoked
at first in shutdown process, and it's intended to allow dm-crypt
devices to be busy, for example if they contain lvm volumes.

I just  tried to implement this in svn trunk. Would be great if you
could test it.

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20100627/74b6d4e1/attachment.pgp>

More information about the pkg-cryptsetup-devel mailing list