mounting the LUKS encrypted disk for troubleshooting
13 views
Skip to first unread message
Samuel Vange
Apr 6, 2017, 2:06:30 PM4/6/17
to SIMP Users
I built my SIMP master with disk encryption in a virtual environment. The virtual environment needed some work and my VM was moved. Since the machine was moved, my SIMP master refuses to boot. We've seen this problem a few times, but we never got to the bottom of it. It looks like the partitions on the encrypted partition are refusing to mount. I believe it may be because the UUIDs have changed (not verified).
What I'm trying to do now is mount my partitions on a rescue live image to recover my work. I've done the following:
1.) Attached the HD in question as the second disk on the rescue instance
2.) mounted /dev/sdb1 to /mnt/part1
This has what you might expect to see in /boot on the SIMP master (as expected)
3.) mounted /dev/sdb2 to /mnt/part2
This is empty, but I'd expect to see what's normally in /boot/efi.
I'd like to run 'cryptsetup open --type=luks --key-file=/mnt/part1/THE/KEYFILE /dev/sdb3 encrypted_partition', but I can't find the keyfile anywhere.
The SIMP master worked just fine (and rebooted just fine) before, indicating that the keyfile was where ever it was expected to be.
Please help me find my keyfile so that I can mount my encrypted partition and save our progress.
Thank you in advance!
What I'm trying to do now is mount my partitions on a rescue live image to recover my work. I've done the following:
1.) Attached the HD in question as the second disk on the rescue instance
2.) mounted /dev/sdb1 to /mnt/part1
This has what you might expect to see in /boot on the SIMP master (as expected)
3.) mounted /dev/sdb2 to /mnt/part2
This is empty, but I'd expect to see what's normally in /boot/efi.
I'd like to run 'cryptsetup open --type=luks --key-file=/mnt/part1/THE/KEYFILE /dev/sdb3 encrypted_partition', but I can't find the keyfile anywhere.
The SIMP master worked just fine (and rebooted just fine) before, indicating that the keyfile was where ever it was expected to be.
Please help me find my keyfile so that I can mount my encrypted partition and save our progress.
Thank you in advance!
Trevor Vaughan
Apr 6, 2017, 2:29:40 PM4/6/17
to Samuel Vange, SIMP Users
HI Samuel,
The keyfile, by default, is embedded in the initrd in /boot. Did you move the *entire* VM, or was is just a data remount?
Thanks,
Trevor
--
You received this message because you are subscribed to the Google Groups "SIMP Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simp-users+unsubscribe@googlegroups.com.
To post to this group, send email to simp-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simp-users/aeefef16-0ed6-4108-9f11-25204efde226%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Trevor Vaughan
Vice President, Onyx Point, Inc
Vice President, Onyx Point, Inc
-- This account not approved for unencrypted proprietary information --
Samuel Vange
Apr 6, 2017, 2:53:58 PM4/6/17
to SIMP Users, samue...@gmail.com
The entire VM was moved. At this point, I'm trying to rescue our work from a clone while we try to fix the original VM.
I've expanded all initramfs images on the first partition and looked in their respective directory trees, but I was unable to find any key file in there. I am unable to expand initrd-plymouth.img using cpio as I normally would.
Trevor Vaughan
Apr 6, 2017, 3:07:59 PM4/6/17
to Samuel Vange, SIMP Users
That's making me think that the initrd has become corrupted during the move and this is a serious issue.
The only place that password exists by default is in the relevant initrd file. If that is gone, I don't know of a way to recover the data.
Is there any way to get another copy of the original boot partition?
Trevor
To view this discussion on the web visit https://groups.google.com/d/msgid/simp-users/bbbaab75-5b75-442b-8366-e0b278b69761%40googlegroups.com.
Samuel Vange
Apr 6, 2017, 3:13:56 PM4/6/17
to SIMP Users, samue...@gmail.com
I was able to expand initrd-plymouth.img using 'zcat initrd-plymouth.img | cpio -iv', but still no luck. I can't find the key file in the resulting directory tree. Do you know what it's called? I've looked for files with the strings "key", "cred", "pass", and "crypt".
By the way, the only relevant files I see on the mounted boot partition are initramfs* and initrd-plymouth.img. I'm assuming the initrd is initrd-plymouth.img.
Also, when I mount the second partition (/boot/efi), it's empty. Is this expected?
Thanks!
By the way, the only relevant files I see on the mounted boot partition are initramfs* and initrd-plymouth.img. I'm assuming the initrd is initrd-plymouth.img.
Also, when I mount the second partition (/boot/efi), it's empty. Is this expected?
Thanks!
Trevor Vaughan
Apr 6, 2017, 3:25:23 PM4/6/17
to Samuel Vange, SIMP Users
Ok. I think that it is in the initramfs file. I apologize, I'm in my phone right now and will need to get back to a computer to verify.
Let me know if you can't find it there and I'll dig in more when I can.
Trevor
To view this discussion on the web visit https://groups.google.com/d/msgid/simp-users/87343c76-a344-46bd-84c3-5a9490cc3fd2%40googlegroups.com.
Samuel Vange
Apr 6, 2017, 3:27:43 PM4/6/17
to SIMP Users, samue...@gmail.com
Thank you Trevor. I'll keep looking and await your response.
Trevor Vaughan
Apr 6, 2017, 3:34:48 PM4/6/17
to Samuel Vange, SIMP Users
Samuel,
If you look at this file, you can see where we dump everything and how we do the LUKS setup.
Hopefully this helps.
Thanks,
Trevor
To view this discussion on the web visit https://groups.google.com/d/msgid/simp-users/4b277e44-0efe-47e2-b8d3-19c7f9caa6a8%40googlegroups.com.
Samuel Vange
Apr 6, 2017, 4:21:32 PM4/6/17
to SIMP Users, samue...@gmail.com
Ok, I got it. Here is the description of what I did for posterity:
1.) Spin up a rescue image (must have dracut installed on the live image) and add disk with encrypted volume to it. For this example the disk is /dev/sdb the boot partition is /dev/sdb1, and the encrypted partition is /dev/sdb3
2.) mkdir ~/staging; mkdir /mnt/{bootpart,rootpart}; cd ~/staging
3.) mount /dev/sdb1 /mnt/bootpart
4.) /usr/lib/dracut/skipcpio /mnt/bootpart/initramfs-3....img |zcat |cpio -id --no-absolute-filenames
5.) cryptsetup open --type=luks --key-file=~/staging/etc/.cryptcreds /dev/sdb3 encrypted_disk
6.) vgscan
7.) mount /dev/mapper/VolGroup00_RootVol /mnt/rootpart
At this point, the root partition is available on /mnt/rootpart. Similar process for all other partitions.
1.) Spin up a rescue image (must have dracut installed on the live image) and add disk with encrypted volume to it. For this example the disk is /dev/sdb the boot partition is /dev/sdb1, and the encrypted partition is /dev/sdb3
2.) mkdir ~/staging; mkdir /mnt/{bootpart,rootpart}; cd ~/staging
3.) mount /dev/sdb1 /mnt/bootpart
4.) /usr/lib/dracut/skipcpio /mnt/bootpart/initramfs-3....img |zcat |cpio -id --no-absolute-filenames
5.) cryptsetup open --type=luks --key-file=~/staging/etc/.cryptcreds /dev/sdb3 encrypted_disk
6.) vgscan
7.) mount /dev/mapper/VolGroup00_RootVol /mnt/rootpart
At this point, the root partition is available on /mnt/rootpart. Similar process for all other partitions.
Reply all
Reply to author
Forward
0 new messages