[solved] luksFormat - doesn't work on a partition?

highend · May 6, 2020, 10:21pm

Hi,

somehow I don’t get it…
Nixos 20.03, sudo su was executed before to get root permissions

cryptsetup luksFormat /dev/sda4 -c aes-xts-plain64:sha256 -s 256

WARNING!
========
This will overwrite data on /dev/sda4 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda4:
Verify passphrase:

cryptsetup luksOpen /dev/sda4 ssd-crypt
Device /dev/sda4 is not a valid LUKS device.

parted output:
(parted) print
Model: ATA CT500MX500SSD4 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  537MB   536MB   fat16        ESP      boot, esp
 2      537MB   34.9GB  34.4GB  ext4         primary
 3      34.9GB  69.3GB  34.4GB  ext4         primary
 4      69.3GB  500GB   431GB                primary

What’s wrong here?

JohnAZoidberg · May 7, 2020, 8:17am

Hm, LUKS should work on a partition.

What if you use the simple open command?
cryptsetup open /dev/sd4 ssd-crypt

What does lsblk -fsay? Is sda4 of FSTYPE crypto_LUKS?

highend · May 7, 2020, 8:27am

For the record: Now sda / sdb have changed sigh

So:

lsblk -f

NAME   FSTYPE LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINT
sda
sdb
├─sdb1 vfat   EFI   A220-A254                             483.1M     5% /boot
├─sdb2 ext4   root  6ecc91bd-c092-40bb-9a85-9ac7fc7927d3   26.2G    11% /
├─sdb3 ext4   home  098bd86f-1cf7-48f4-92dd-20c7356c1fc2   29.6G     0% /home
└─sdb4


cryptsetup luksFormat /dev/sdb4 -c aes-xts-plain64:sha256 -s 256

WARNING!
========
This will overwrite data on /dev/sdb4 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb4:
Verify passphrase:

After that, lsblk -f has the exact same output, no FSTYPE crypto_LUKS for /dev/sdb4


cryptsetup open /dev/sdb4 ssd-crypt
Fails with: Device /dev/sdb4 is not a valid LUKS device.

highend · May 7, 2020, 9:51am

Ok, found the problem…

-c aes-xts-plain64:sha256

The

:sha256

must NOT be used here…

I’ve used the same commands on two different ODROID devices in the past and they worked fine. cryptsetup on Nixos doesn’t like that^^

Elorm · May 7, 2020, 10:59am

Right. I personally run my userspace setup with cryptsetup -c aes-xts-plain64 -h sha512 -s 512 —use-random Nixos plays nice