cryptsetup refuses to luksFormat?
Josef Wolf
jw at raven.inka.de
Fri Oct 13 23:51:06 UTC 2023
Hello,
I want to encrypt the whole disk (including boot) on ubuntu-2204 as described on
https://discourse.maas.io/t/deploying-servers-with-full-disk-encryption-luks2/3286
So I enter following commands:
# mount -o remount,ro /boot
# install -m0600 /dev/null /tmp/boot.tar
# tar -C /boot --acls --xattrs --one-file-system -cf /tmp/boot.tar .
# umount /boot/efi
# umount /boot
# cryptsetup -y luksFormat --type luks1 /dev/nvme0n1p3
WARNING: Device /dev/nvme0n1p3 already contains a 'ext4' superblock signature.
WARNING!
========
This will overwrite dataon /dev/nvme0n1p3 irrevocably.
Are you sure? (Type 'yes' in capital letters); YES
Device /dev/nvme0n1p3 is in use. Cannot proceed with format operation.
Uh, not what I expected. So i start to investigate:
# grep /dev/nvme0n1p3 /proc/mounts
# lsof | grep /dev/nvme0n1p3
# lsof /dev/nvme0n1p3
# fuser /dev/nvme0n1p3
So:
- umount succeeded
- /proc/mounts, lsof, fuser don's show any sign that the partition is in use
BUT:
strace cryptsetup luksFormat --type luks1 /dev/nvme0n1p3 2>&1 | \
egrep '(nvme0n1p3|close)'
shows
openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDONLY|ODIRECT) = 3
close(3)
openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDONLY|O_NONBLOCK|OCLOEXEC) = 3
close(3)
openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDWR|OEXCL) = -1 EBUSY (Device or resource busy)
So there must be something holdig a hand on the partition.
Any idea what that might be?
--
Josef Wolf
jw at raven.inka.de
More information about the ubuntu-users
mailing list