You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When openmediavault-luksencryption is applied to a device like /dev/md0, it uses the whole device instead of a partition that covers the whole device.
I was so unlucky as to have the automatic partition scanning of Linux to think that there existed two partitions /dev/md0p1 and /dev/md0p2 on my device with 1.5 TByte and 750 GByte each. I think this was because of a random combination of data in the LUKS header or in the content itself. When I tested via parted, there was no valid label on the device.
This led to many problems:
In the GUI RAID overview, those devices were shown. After I verified that they devices were unneeded, I tried to remove them in the GUI, thereby removing /dev/md0 as well. Probably the mere existence of these devices would have destroyed the drive content anyway as the recovery of those devices had not begun yet.
Upon a reboot, when the RAID5 buildup was not finished yet, the rebuild did not continue, saying "resync=PENDING".
Since I think that one cannot disable probing for partitions, the proper way of handling this would be to create a GPT disk label and a large partition covering the whole device and put the LUKS containers into that partition. When I tried this manually, I could not choose the partition for encryption via the GUI.
You cannot rely on "random data" on a device not to trigger this behaviour.
To Reproduce
Probably hard, because of random LUKS key material.
Expected behavior
LUKS containers should only be created on partitions, not on raw devices in order to not make system components think that there partitions which are in fact not there (i.e. LUKS headers or data misinterpreted for partition info).
Describe the bug
When openmediavault-luksencryption is applied to a device like /dev/md0, it uses the whole device instead of a partition that covers the whole device.
I was so unlucky as to have the automatic partition scanning of Linux to think that there existed two partitions /dev/md0p1 and /dev/md0p2 on my device with 1.5 TByte and 750 GByte each. I think this was because of a random combination of data in the LUKS header or in the content itself. When I tested via parted, there was no valid label on the device.
This led to many problems:
In the GUI RAID overview, those devices were shown. After I verified that they devices were unneeded, I tried to remove them in the GUI, thereby removing /dev/md0 as well. Probably the mere existence of these devices would have destroyed the drive content anyway as the recovery of those devices had not begun yet.
Upon a reboot, when the RAID5 buildup was not finished yet, the rebuild did not continue, saying "resync=PENDING".
Since I think that one cannot disable probing for partitions, the proper way of handling this would be to create a GPT disk label and a large partition covering the whole device and put the LUKS containers into that partition. When I tried this manually, I could not choose the partition for encryption via the GUI.
You cannot rely on "random data" on a device not to trigger this behaviour.
To Reproduce
Probably hard, because of random LUKS key material.
Expected behavior
LUKS containers should only be created on partitions, not on raw devices in order to not make system components think that there partitions which are in fact not there (i.e. LUKS headers or data misinterpreted for partition info).
Reference to Forum
https://forum.openmediavault.org/index.php?thread/47821-bug-report-openmediavault-luksencryption-unsafe-usage-of-devices-instead-of-part/
openmediavault Server (please complete the following information):
Client (please complete the following information):
none
The text was updated successfully, but these errors were encountered: