[Whonix-devel] [dm-crypt] Troubleshooting: Header Conversion to argon2id

procmem procmem at riseup.net
Fri Sep 14 02:21:00 CEST 2018



Guilhem Moulin:
> On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote:
>> Ondrej Kozina:
>>> Well, this sounds like a bug. Could you please provide us with debug
>>> output for failing command trying to luksConvertKey that particular
>>> keyslot?
>>
>> Sure thing but I don't know how to access initramfs command history.
>> Unlike a booted-up environment there is no opportunity to scroll and
>> select entire output for saving.
> 
> You can redirect the output to a file under /run/initramfs.  /run is
> moved to the rootfs at init-bottom stage, shortly before the execution
> is turned over to the `init` binary, so content added at early boot
> stage will also be available later during the boot process.
> 
> (Again, assuming your initramfs comes from initramfs-tools, which is
> the default in Debian — and I guess its derivatives.)
> 

OK here are the contents of the redirected output:


# cryptsetup 2.0.4 processing "cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 /dev/vda5 --debug"
# Running command luksConvertKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/vda5.
# Trying to open and read device /dev/vda5 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/vda5.
# Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4.
# Detected kernel Linux 4.18.0-1-amd64 x86_64.
# Loading LUKS2 header (repair disabled).
# Opening lock resource file /run/cryptsetup/L_254:5
# Acquiring read lock for device /dev/vda5.
# Verifying read lock handle for device /dev/vda5.
# Device /dev/vda5 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (on-disk)
# Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (on-disk)
# Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (in-memory)
# Device size 53429141504, header size 2097152.
# Device /dev/vda5 READ lock released.
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 506328kB.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 506328, parallel_threads 2.
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 506328kB.
# PBKDF argon2id, hash sha256, time_ms 2000 (iterations 50), max_memory_kb 506328, parallel_threads 2.
# Interactive passphrase entry requested.
# Changing passphrase from old keyslot 1 to new 1.
# Reloading LUKS2 header (repair disabled).
# Opening lock resource file /run/cryptsetup/L_254:5
# Acquiring read lock for device /dev/vda5.
# Verifying read lock handle for device /dev/vda5.
# Device /dev/vda5 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (on-disk)
# Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (on-disk)
# Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (in-memory)
# Device size 53429141504, header size 2097152.
# Device /dev/vda5 READ lock released.
# Releasing crypt device /dev/vda5 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
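
A small filter for debug logs like the one above, added here as an example (it is not part of the original post or of cryptsetup): it rejoins wrapped lines and lists where cryptsetup reports lowering the requested PBKDF threads and memory, the PBKDF parameters it reports, and the exit status. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise PBKDF adjustments in `cryptsetup --debug` output (names hypothetical).

# Rejoin records split by mail or terminal wrapping: a record starts at a
# line beginning with "#" or "Command "; anything else continues the previous one.
join_records() {
    awk 'NF == 0 { next }
         /^# / || /^#$/ || /^Command / { if (r != "") print r; r = $0; next }
         { r = r " " $0 }
         END { if (r != "") print r }'
}

# Print one line per distinct finding: lowered threads/memory, the PBKDF
# type and iteration count cryptsetup reports, and the final status.
summarize_pbkdf() {
    join_records | awk '
    function num(s) { gsub(/[^0-9]/, "", s); return s }
    function emit(s) { if (!(s in seen)) { seen[s] = 1; print s } }
    /PBKDF threads decreased from/ {
        for (i = 1; i < NF; i++) if ($i == "from")
            emit("threads requested=" num($(i+1)) " effective=" num($(i+3)))
    }
    /PBKDF max memory decreased from/ {
        for (i = 1; i < NF; i++) if ($i == "from")
            emit("memory_kb requested=" num($(i+1)) " effective=" num($(i+3)))
    }
    /^# PBKDF [a-z0-9]+, hash / {
        for (i = 1; i < NF; i++) if ($i == "(iterations") it = num($(i+1))
        emit("pbkdf type=" substr($3, 1, length($3) - 1) " iterations=" it)
    }
    /^Command failed with code / { emit("result failed code=" $5) }'
}

# Lines taken from the debug output quoted in the post, wrapped as they appear there.
sample_log() {
    cat <<'EOF'
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# Not enough physical memory detected, PBKDF max memory decreased from
1048576kB to 506328kB.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb
506328, parallel_threads 2.
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# PBKDF argon2id, hash sha256, time_ms 2000 (iterations 50),
max_memory_kb 506328, parallel_threads 2.
Command failed with code -1 (wrong or missing parameters).
EOF
}

sample_log | summarize_pbkdf
```

To use it on a real capture, feed the file saved under /run/initramfs to `summarize_pbkdf` on standard input.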


