Using non-LUKS loopback encryption in 11.3

dsosnoski · August 6, 2010, 7:41am

I’ve got some old drives using pre-LUKS loopback encryption, and I’m having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:

mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256

When I try this I’m asked for the password, but then get the message “ioctl: LOOP_SET_STATUS: Invalid argument”. Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?

oxala · August 6, 2010, 9:05am

Hello,

Leave off the “=/dev/loop1”. If I correctly remember the documentation … mount will then choose and/or create the next available loop device in /dev. I ran into a similar issue in 11.2 … not with an older crypted filesystem, but with a crypt file created on 11.2.

If you can’t get mount to cooperate with you, try fusermount. It seems to work better than plain mount for loop devices in general.

Good luck!

cwight

dsosnoski · August 6, 2010, 11:55am

Leaving off the =/dev/loop1" has no effect. I have tried various combinations of settings, both using mount and using losetup.

losetup -e aes -k 256 /dev/loop0 /dev/sdc11

seems to come the closest to working, actually attaching to the partition. The data is bad, though, which which causes the subsequent mount operation to fail to find the file system. I’m thinking this is probably caused by a difference in the hash function used by losetup. I’ve tried the hash function options listed in the losetup documentation, so far without success.

user · August 6, 2010, 12:25pm

On 2010-08-06 08:06, dsosnoski wrote:
>
> I’ve got some old drives using pre-LUKS loopback encryption, and I’m
> having problems mounting them on OpenSUSE 11.3. What I expected to work,
> based on past experiences with other distributions, is something along
> the lines of:
>
> mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256
>
> When I try this I’m asked for the password, but then get the message
> “ioctl: LOOP_SET_STATUS: Invalid argument”. Anyone have a clue what
> could be going wrong, or how I can best access these drives from
> OpenSUSE?
>
>

You can create an /etc/cryptotab file (different than the crypttab used for LUKS). I have one in my
11.0, recently upgraded to 11.2, but I haven’t tried it in 11.3:

/dev/loop0 /dev/disk/by-id/ata-ST…-part15 /data/crp xfs
twofish256 noatime,nodiratime

You have to adapt it, of course.

Mmm… I see I also have an entry in fstab for the same partition:

/dev/disk/by-id/ata-ST…-part15 /data/crp xfs
loop,noauto,user,encryption=twofish256,noatime,nodiratime
1 2

I don’t know at the moment which one is the working entry. :-}
I think it is the first one.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))

dsosnoski · August 6, 2010, 1:00pm

I just got this to work, after a lot of searching. The way I did it was to use cryptsetup:

cryptsetup -y -c aes -h sha512 -s 256 create external /dev/sdc11
mount -t ext3 /dev/mapper/external tmp

According to one of the references I found, I could make this permanent by adding a line to /etc/crypttab for the cryptsetup and one to fstab for the mount. In my case I only want to have transient access, so I’m not going to try out that part.

oxala · August 6, 2010, 4:49pm

Hello dsonoski,

I glad you were able to get working.

Thanks for posting the solution. I don’t think it would have occurred to me to try dm via cryptsetup. Interesting thread!

Have a great day!