[pkg-cryptsetup-devel] Bug#809686: cryptsetup: --header plus UUID plus initramfs gives "Requested offset beyond size of device"

Milan Broz gmazyland at gmail.com
Sat Jan 2 21:52:29 UTC 2016


On 01/02/2016 10:02 PM, Benjamin Moody wrote:

...
> (although, incidentally, to make the third command work I also had to
> add 'loop' to /etc/initramfs-tools/modules - for some reason
> cryptsetup-in-initramfs uses a loopback device to read the header
> file, although cryptsetup-in-Debian doesn't.

Note
> # Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
> # Using dmcrypt to access keyslot area.

The reason is that you are missing kernel userspace crypto API modules
in initram (af_alg, algif_skcipher, ...), then cryptsetup fall back to using
dmcrypt-device for keyslot processing (that requires loop driver).



But the real problem:
> === broken cryptsetup log ===
> Enter passphrase for /dev/disk/by-uuid/003b718b-69a5-4974-9a56-54fc07f3835e: 
> Requested offset is beyond real size of device /dev/disk/by-uuid/003b718b-69a5-4974-9a56-54fc07f3835e.

...
> # Key length 64, device size 4040 sectors, header size 4036 sectors.

Here apparently device size 4040 sectors is wrong (too small).

Please check where link /dev/disk/by-uuid/003b718b-69a5-4974-9a56-54fc07f3835e is pointing,
check with blockdev --getsz <dev>.

I would say that udev created link to used loop device instead of your ciphertext device.

(In fact, your command is wrong. If the underlying device has no LUKS header on it,
there cannot be link with LUKS UUID to it! I would guess you have old LUKS header
on it as well so witout loop activated it work by chance..)

Milan



More information about the pkg-cryptsetup-devel mailing list