无法将LUKS密钥添加到加密交换中
无法将LUKS密钥添加到加密交换中
提问于 2019-03-06 03:45:09
出于某种原因,我无法在加密的交换中添加密钥。
我的/etc/crypttab:
swap_crypt /dev/disk/by-partuuid/c4f049d5-ae21-44d6-b753-6e72b7e21770 none luks,swap,discard,keyscript=decrypt_keyctl
root_crypt UUID=26f3c181-e041-47f2-929b-de631a2f1d3f none luks,discard,keyscript=decrypt_keyctl因此,要识别这些磁盘:
# ls -l /dev/disk/by-partuuid/c4f049d5-ae21-44d6-b753-6e72b7e21770
lrwxrwxrwx 1 root root 15 Mar 5 22:34 /dev/disk/by-partuuid/c4f049d5-ae21-44d6-b753-6e72b7e21770 -> ../../nvme0n1p7# blkid |grep 26f3c181-e041-47f2-929b-de631a2f1d3f
/dev/nvme0n1p8: UUID="26f3c181-e041-47f2-929b-de631a2f1d3f" TYPE="crypto_LUKS" PARTUUID="b178ae44-cf49-4dce-b7b5-293c9c0bb9c7"所以我知道我的交换是在/dev/nvme0n1p7上的,我的根是/dev/nvme0n1p8。
现在,当我尝试为root添加键时:
# cryptsetup luksAddKey /dev/nvme0n1p8
Enter any existing passphrase:但是,对于交换,一切都很好:
# cryptsetup luksAddKey /dev/nvme0n1p7它就这样离开了。更多一些信息:
# cryptsetup luksAddKey -v --debug /dev/nvme0n1p7
# cryptsetup 2.0.2 processing "cryptsetup luksAddKey -v --debug /dev/nvme0n1p7"
# Running command luksAddKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p7.
# Trying to open and read device /dev/nvme0n1p7 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p7.
# Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library version 2.0.2.
# Detected kernel Linux 5.0.0-050000-generic x86_64.
# Loading LUKS2 header.
# Opening lock resource file /run/cryptsetup/L_259:7
# Acquiring read lock for device /dev/nvme0n1p7.
# Verifying read lock handle for device /dev/nvme0n1p7.
# Device /dev/nvme0n1p7 READ lock taken.
# Trying to read primary LUKS2 header at offset 0.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 8192.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 16384.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 32768.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 65536.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 131072.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 262144.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 524288.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 1048576.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 2097152.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 4194304.
# Opening locked device /dev/nvme0n1p7
# Veryfing locked device handle (bdev)
# LUKS2 header read failed (-22).
# Device /dev/nvme0n1p7 READ lock released.
# Releasing crypt device /dev/nvme0n1p7 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).知道问题出在哪里吗?
回答 1
Unix & Linux用户
回答已采纳
发布于 2019-03-15 14:29:18
所以我终于自己解决了这个问题。对于任何遇到这种情况的人,请确保在运行cryptsetup status /dev/mapper/<device>时,类型是LUKS1而不是PLAIN。看起来Ubuntu安装程序是不正确的,因此标准的LUKS命令无法在设备上工作。由于它是交换,我能够重新正确地加密,现在一切顺利。
页面原文内容由Unix & Linux提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://unix.stackexchange.com/questions/504612
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号