[pkg-cryptsetup-devel] Bug#722509: Still not working correctly

Claudio Moretti flyingstar16 at gmail.com
Tue Mar 4 22:39:48 UTC 2014


Hi Jonas,

first of all, thanks for adding this option!

I am still encountering some issue, though: prechecks are failing at boot
time, because blkid does not recognize neither /dev/sda nor /dev/sda1 as
truecrypt disks (those are tcrypt-system disks).
I can "cheat" by adding "precheck=/bin/true", but even when passing those I
can't unlock my disk.

I was trying to patch the cryptdisks.functions file to add support for
"tcryptsystem", which IMHO/AFAIK is just

209,212d208
<         tcryptsystem)
<             USETCRYPT="yes"
<             TCRYPTPARAMS="$TCRYPTPARAMS --tcrypt-system"
<             ;;

when I came across cryptsetup's man page, which states that keyfiles in
truecrypt are different than LUKS keyfiles, and therefore cannot be used in
the same way.
However, even if I set "none" in crypttab's line, when I invoke
cryptdisks_start I get a "Failed to open key file" even if I put the
correct password in.

root at Chuck:/lib/cryptsetup# cryptdisks_start truecrypt
[....] Starting crypto disk...[info] truecrypt (starting)...
Unlocking the disk /dev/sda (truecrypt)
Enter passphrase: Failed to open key file.
Unlocking the disk /dev/sda (truecrypt)
Enter passphrase: Failed to open key file.
Unlocking the disk /dev/sda (truecrypt)
[FAIL passphrase: truecrypt (failed)...failed.


Could you please take a look when you have the time?
I should also point out - even if it's probably unrelated - that trying to
unlock my disk manually even if the disk is not in use tells me that it is.
tcrypt-system disks like mine require you to use the whole disk as a device
(i.e. /dev/sda, not a partition like /dev/sdaX) so probably that's why this
happens:

root at Chuck:/home/claudio# cryptsetup open --type=tcrypt --tcrypt-system
/dev/sda truecrypt
Enter passphrase:
Cannot use device /dev/sda which is in use (already mapped or mounted).

I can (weirdly) make it work by using cryptsetup 1.7.0-git from a local
folder
root at Chuck:/home/claudio# ./projects/cryptsetup/src/cryptsetup open
--type=tcrypt --tcrypt-system /dev/sda truecrypt
Enter passphrase:
root at Chuck:/home/claudio# ls /dev/mapper/truecrypt
/dev/mapper/truecrypt


I don't know if this will have any impact on treucrypt unlocking at boot
time, though.

Thanks!

Claudio

P.S., FYI, I'm not sure, but I think that
 tcrypthidden)
                        TCRYPTPARAMS="$TCRYPTPARAMS --tcrypt-hidden"
                        ;;

is missing USETCRYPT="yes"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20140304/704955a6/attachment.html>


More information about the pkg-cryptsetup-devel mailing list