[dm-devel] encrypted filesystem not encrypted?

Jonathan Brassow jbrassow at redhat.com
Wed Aug 1 14:42:38 UTC 2007


I'm guessing that you are bypassing your crypt device.  Depends on  
what your arguments are to the LVM commands.

cryptsetup will create a new device that sits on top of sda3 - you  
should use that one.  Do not use sda3 directly.

  brassow

On Jul 31, 2007, at 8:08 PM, chris wrote:

> Hi all,
>
> I was not sure which list to send this to, so I choose a couple  
> that looked like decent fits, please advise if there is one more  
> specific to the encryption.
>
> I am currently working on a project where we are converting some of  
> our filesystems to an encrypted fs using LVM2.  We are running  
> RHEL:  "2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 12 17:59:08 EDT 2007 i686  
> i686 i386 GNU/Linux"
>
> We setup an encrypted filesystem using one of the open partitions  
> on the physical hard drive using "cryptsetup create /dev/sda3"  We  
> have verified this using the cryptsetup status, This shows the  
> filesystem as being encrypted as aes_plain 256 bit key.  We then  
> created an LVM and mounted the filesystem using the LVM.
>
> All seems to be well, except when our testers ran the following  
> command:
> head -c 5000 /dev/sda3
>
> They got some output that includes clear text and obviously not  
> encrypted data (along with encrypted data).  Some things are date  
> formatted strings like 20050912 which appears quite a few times in  
> the mounted filesystem, and in the raw device (/dev/sda3).
>
> I can post the exact commands that were used to create the  
> filesystem, but they are basically
> create partition ...sda3
> cryptsetup create /dev/sda3 (prompts for passphrase)
> pvcreate
> vgcreate
> lvcreate
> mount
>
> (TIA) any help (or light shed on this) is greatly appreciated!
>
> -chris
>
> --
> dm-devel mailing list
> dm-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/dm-devel




More information about the dm-devel mailing list