Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encrypted swap is not recognized #916

Open
jelly opened this issue Sep 17, 2021 · 6 comments · May be fixed by #1339
Open

encrypted swap is not recognized #916

jelly opened this issue Sep 17, 2021 · 6 comments · May be fixed by #1339
Labels
enhancement help wanted

Comments

@jelly
Copy link
Contributor

jelly commented Sep 17, 2021

My laptop has a LUKS encrypted swap partition which udisks does not recognize as either swap or encrypted partition

/org/freedesktop/UDisks2/block_devices/nvme0n1p2:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/nvme0n1p2
    DeviceNumber:               66306
    Drive:                      '/org/freedesktop/UDisks2/drives/Micron_MTFDHBA256TDV_21112DDAD49E'
    HintAuto:                   false
    HintIconName:
    HintIgnore:                 false
    HintName:
    HintPartitionable:          true
    HintSymbolicIconName:
    HintSystem:                 true
    Id:                         by-id-nvme-Micron_MTFDHBA256TDV_21112DDAD49E-part2
    IdLabel:
    IdType:
    IdUUID:
    IdUsage:
    IdVersion:
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/nvme0n1p2
    ReadOnly:                   false
    Size:                       8589934592
    Symlinks:                   /dev/disk/by-id/nvme-Micron_MTFDHBA256TDV_21112DDAD49E-part2
                                /dev/disk/by-id/nvme-eui.000000000000000100a075212ddad49e-part2
                                /dev/disk/by-partlabel/cryptswap
                                /dev/disk/by-partuuid/456d4f0a-f07b-4637-b12c-ef51226553f0
                                /dev/disk/by-path/pci-0000:2e:00.0-nvme-1-part2
    UserspaceMountOptions:
  org.freedesktop.UDisks2.Partition:
    Flags:              0
    IsContained:        false
    IsContainer:        false
    Name:               cryptswap
    Number:             2
    Offset:             537919488
    Size:               8589934592
    Table:              '/org/freedesktop/UDisks2/block_devices/nvme0n1'
    Type:               0657fd6d-a4ab-43c4-84e5-0933c84b4f4f
    UUID:               456d4f0a-f07b-4637-b12c-ef51226553f0

lsblk does show it correctly

NAME        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0 238.5G  0 disk
├─nvme0n1p1 259:1    0   512M  0 part  /boot
├─nvme0n1p2 259:2    0     8G  0 part
│ └─swap    254:1    0     8G  0 crypt [SWAP]
└─nvme0n1p3 259:3    0   230G  0 part
@vojtechtrefny
Copy link
Member

The partition should be recognized as a LUKS device (IdUsage should be crypto and IdType crypto_LUKS), the dm-crypt device (/dev/mapper/swap in your case) should be the one with a swap interface. What blkid and udev show about the partition? sudo blkid -p /dev/nvme0n1p2 and udevadm info /dev/nvme0n1p2

@jelly
Copy link
Contributor Author

jelly commented Sep 20, 2021 

[jelle@t14s][~]%sudo blkid -p /dev/nvme0n1p2
/dev/nvme0n1p2: PART_ENTRY_SCHEME="gpt" PART_ENTRY_NAME="cryptswap" PART_ENTRY_UUID="456d4f0a-f07b-4637-b12c-ef51226553f0" PART_ENTRY_TYPE="0657fd6d-a4ab-43c4-84e5-0933c84b4f4f" PART_ENTRY_NUMBER="2" PART_ENTRY_OFFSET="1050624" PART_ENTRY_SIZE="16777216" PART_ENTRY_DISK="259:0"

[jelle@t14s][~]%udevadm info /dev/nvme0n1p2
P: /devices/pci0000:00/0000:00:1d.4/0000:2e:00.0/nvme/nvme0/nvme0n1/nvme0n1p2
N: nvme0n1p2
L: 0
S: disk/by-path/pci-0000:2e:00.0-nvme-1-part2
S: disk/by-partuuid/456d4f0a-f07b-4637-b12c-ef51226553f0
S: disk/by-id/nvme-Micron_MTFDHBA256TDV_21112DDAD49E-part2
S: disk/by-id/nvme-eui.000000000000000100a075212ddad49e-part2
S: disk/by-partlabel/cryptswap
E: DEVPATH=/devices/pci0000:00/0000:00:1d.4/0000:2e:00.0/nvme/nvme0/nvme0n1/nvme0n1p2
E: DEVNAME=/dev/nvme0n1p2
E: DEVTYPE=partition
E: PARTN=2
E: PARTNAME=cryptswap
E: MAJOR=259
E: MINOR=2
E: SUBSYSTEM=block
E: USEC_INITIALIZED=20766416
E: ID_SERIAL_SHORT=21112DDAD49E
E: ID_WWN=eui.000000000000000100a075212ddad49e
E: ID_MODEL=Micron MTFDHBA256TDV
E: ID_REVISION=3009P4LN
E: ID_SERIAL=Micron_MTFDHBA256TDV_21112DDAD49E
E: ID_PATH=pci-0000:2e:00.0-nvme-1
E: ID_PATH_TAG=pci-0000_2e_00_0-nvme-1
E: ID_PART_TABLE_UUID=258ae1e3-248d-455f-b55a-75dc024c0b5d
E: ID_PART_TABLE_TYPE=gpt
E: ID_PART_ENTRY_SCHEME=gpt
E: ID_PART_ENTRY_NAME=cryptswap
E: ID_PART_ENTRY_UUID=456d4f0a-f07b-4637-b12c-ef51226553f0
E: ID_PART_ENTRY_TYPE=0657fd6d-a4ab-43c4-84e5-0933c84b4f4f
E: ID_PART_ENTRY_NUMBER=2
E: ID_PART_ENTRY_OFFSET=1050624
E: ID_PART_ENTRY_SIZE=16777216
E: ID_PART_ENTRY_DISK=259:0
E: DEVLINKS=/dev/disk/by-path/pci-0000:2e:00.0-nvme-1-part2 /dev/disk/by-partuuid/456d4f0a-f07b-4637-b12c-ef51226553f0 /dev/disk/by-id/nvme-Micron_MTFDHBA256TDV_21112DDAD49E-part2 /dev/disk/by-id/nvme-eui.000000000000000100a075212ddad49e-part2 /dev/disk/by-partlabel/cryptswap
E: TAGS=:systemd:
E: CURRENT_TAGS=:systemd:

@vojtechtrefny
Copy link
Member

Weird, even blkid won't detect the LUKS header on /dev/nvme0n1p2. Is this a detached header setup or plain mode? How did you create the encrypted swap?

@jelly
Copy link
Contributor Author

jelly commented Sep 21, 2021

Ah!

cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
mkswap -L swap /dev/mapper/swap
swapon -L swap

In /etc/crypttab

cryptswap        /dev/disk/by-partlabel/cryptswap        /dev/urandom        swap,offset=2048,cipher=aes-xts-plain64,size=256

@vojtechtrefny
Copy link
Member

Yes, that explains it. Plain doesn't have a header so we don't detect it as a encrypted device. There are two things we can use in UDisks: the crypttab entry and the fact the device is open so we can use the dm-crypt device to mark the backing device as encrypted. Definitely something we can look into in the future but for now UDisks behaves as expected (unfortunately).

@jelly
Copy link
Contributor Author

jelly commented Sep 25, 2021

Thanks for the information.

@ksimuk ksimuk mentioned this issue Jan 15, 2024
Open
@GovanifY GovanifY linked a pull request Jan 12, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

udiskslinuxblock: check recursively for CryptoBackingDevice GovanifY/udisks
3 participants
@jelly @vojtechtrefny @tbzatek