Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Based on the terminal results above, what words would have appeared each time I successfully decrypted the LUKS volume each reboot? Something about successfully decrypting sda3_crypt or Live-OS-vg or something else? What does yours say in relation to the terminal results you get?
Does a master key exist on a backup of the system files? Can it be generated from files there? - Again, I have all the system files backed up.
Last edited by qelpp; 06-10-2020 at 12:05 AM.
Reason: typo
what words would have appeared each time I successfully decrypted the LUKS volume each reboot?
I don't encrypt my data, but from tests I ran I know that you would see the logical volume listed in blkid, with a filesystem UUID and a type of XFS or ext4 (or another filesystem type, but these two are the most common ones). The lsblk output would show /dev/mapper/live-os-something mounted on /.
Quote:
Does a master key exist on a backup of the system files? Can it be generated from files there? - Again, I have all the system files backed up.
The master key is contained in the LUKS header. The header is not automatically written to a file. It is your responsibility to back it up with cryptsetup luksHeaderBackup and store the backup file outside of the encrypted filesystem (and outside of reach of anybody who has an interest in decrypting your disk).
what words would have appeared each time I successfully decrypted the LUKS volume each reboot?
I don't encrypt my data, but from tests I ran I know that you would see the logical volume listed in blkid, with a filesystem UUID and a type of XFS or ext4 (or another filesystem type, but these two are the most common ones). The lsblk output would show /dev/mapper/live-os-something mounted on /.
Quote:
Does a master key exist on a backup of the system files? Can it be generated from files there? - Again, I have all the system files backed up.
The master key is contained in the LUKS header. The header is not automatically written to a file. It is your responsibility to back it up with cryptsetup luksHeaderBackup and store the backup file outside of the encrypted filesystem (and outside of reach of anybody who has an interest in decrypting your disk).
This means that sda3 has a LUKS header with UUID df736320-c6fa-49c8-af42-7b3658b73a73. The device mapper device /dev/mapper/sda3_crypt contains an LVM header with UUID grQVpf-NLQp-yubt-FKw6-0Mmc-PT1q-KSBbLD. This is a physical volume.
lsblk shows that there are two logical volumes on that physical volume:
Code:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 1.4G 1 loop /rofs
sda 8:0 0 223.6G 0 disk
├─sda1 8:1 0 512M 0 part
├─sda2 8:2 0 732M 0 part /media/root/25bc771f-565d-4ca9-b96c-a2bf6b8e51
└─sda3 8:3 0 222.4G 0 part
└─sda3_crypt 253:0 0 222.4G 0 crypt
├─Live--OS--vg-root
│ 253:1 0 221.4G 0 lvm
└─Live--OS--vg-swap_1
253:2 0 976M 0 lvm
After booting from sda (if that were possible), lsblk would report Live--OS--vg-root mounted on /.
I don't know what other messages you would see.
If a filesystem existed on Live--OS--vg-root, blkid would report it. The fact that it doesn't report it makes me think there is no filesystem. You can still try to mount it: Use the lvs command to list logical volumes, and try to mount /dev/mapper/Live--OS--vg-root.
Last edited by berndbausch; 06-10-2020 at 12:42 AM.
Usually, I have had the issue of not correctly guessing what to enter as a mount point.
Code:
root@Live-OS:~# mount /dev/mapper/Live-OS-vg /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
root@Live-OS:~# mount -a sda3_crypt
root@Live-OS:~# sudo mkdir /dev/mapper/Live-OS-vg-root
root@Live-OS:~# sudo mount /dev/mapper/sda3_crypt /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
root@Live-OS:~# sudo mount /dev/mapper/sda3 /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
Last edited by qelpp; 06-10-2020 at 10:08 AM.
Reason: added fstab contents
mkdir /var/tmp/anywhere
mount /dev/mapper/Live-OS-vg /var/tmp/anywhere
When you get the message that the mountpoint doesn't exist, create it and try again.
Regarding your other questions: Pool, origin etc are for LVM features like thin pools and snapshots. Irrelevant here.
luks-df... is the way of the lsblk tool to say that there is a LUKS header with UUID df...
LVM2_me: I would have to guess. LVM2 probably refers to the second revision of the LVM implementation, which is the current standard.
root@Live-OS:~# mount /dev/mapper/Live-OS-vg /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
root@Live-OS:~# mount -a sda3_crypt
root@Live-OS:~# sudo mkdir /dev/mapper/Live-OS-vg-root
root@Live-OS:~# sudo mount /dev/mapper/sda3_crypt /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
root@Live-OS:~# sudo mount /dev/mapper/sda3 /sda3_crypt
mount: /sda3_crypt: mount point does not exist.
mount -a mounts anything that is recorded in /etc/fstab. Since your encrypted disk is not in /etc/fstab, it's not a useful command here. sudo mkdir /dev/mapper/Live-OS-vg-root is quite irrelevant as well. You should not create subdirectories under /dev/mapper.
You repeat mount /dev/mapper/sda3 /sda3_crypt, always getting the same error message. The message is actually rather clear (better than "an unknown error occurred", for example). Before mounting a filesystem, the mountpoint (a directory) must exist. It doesn't exist, therefore the error message. You need to create it.
Better refrain from issuing random commands that you don't understand. Follow the instructions:
Code:
# mkdir /sda3_crypt
# mount /dev/mapper/sda3_crypt /sda3_crypt
My fear is that this will fail, since no filesystem seems to exist on /dev/mapper/sda3_crypt, but it's worth trying.
Last edited by berndbausch; 06-10-2020 at 07:11 PM.
root@Live-OS:~# mkdir /sda3_crypt
root@Live-OS:~# mount /dev/mapper/sda3_crypt /sda3_crypt
mount: /sda3_crypt: special device /dev/mapper/sda3_crypt does not exist.
root@Live-OS:~#
Yes, it did fail.
Is it a special device because it is a LVM/LUKS "mapper" association? Or some other reason?
root@Live-OS:~# mkdir /sda3_crypt
root@Live-OS:~# mount /dev/mapper/sda3_crypt /sda3_crypt
mount: /sda3_crypt: special device /dev/mapper/sda3_crypt does not exist.
root@Live-OS:~#
Yes, it did fail.
This is strange, because earlier, your blkid output contained this line:
What has changed since you entered the blkid command?
Quote:
Is it a special device because it is a LVM/LUKS "mapper" association? Or some other reason?
I don't know what you mean by special device. /dev/mapper/sda3_crypt is not a physical device, but is created by the device mapper crypto module in the kernel. sda3, the physical device, contains encrypted data. /dev/mapper/sda3_crypt decrypts data when you read from sda3, and encrypts data when you write to it.
However, as you can see it doesn't exist. A plausible explanation: You rebooted the computer and have not yet run cryptsetup open.
I am confused myself after all the back and forth. /dev/mapper/sda3_crypt contains a physical volume, not a filesystem. You can't mount it, even when it exists.
So:
cryptsetup open --type luks ....
mkdir /mymountpoint
mount /dev/Live-OS-vg/root /mymountpoint
(you could also mount /dev/mapper/something, but I am not sure what something might be)
As I said, the last command is probably going to fail, since I have no hope that a filesystem was created on /dev/Live-OS-vg/root.
I must admit I got somewhat addled trying to plough through this thread. At least twice.
The "lsblk -f" should show fstype for both the root and swap. The fact that it doesn't possibly indicates that somehow you managed to retain valid LUKS and LVM metadata, but trashed (at least) the start of the actual data portion of the vg (?). I guess it's also possible some of the metadata is wrong but not invalid - I've had that happen with corrupted partition tables. Just keeps sending you up dead-ends.
I would be heading for a backup and maybe invest sometime in something like photorec to retrieve anything that had been updated. From experience I can tell you that can be a long and tedious process.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
