cryptsetup refuses to luksFormat?
Josef Wolf
jw at raven.inka.de
Sat Oct 21 11:49:05 UTC 2023
On Sat, Oct 14, 2023 at 01:51:06AM +0200, Josef Wolf wrote:
> I want to encrypt the whole disk (including boot) on ubuntu-2204 as described on
> https://discourse.maas.io/t/deploying-servers-with-full-disk-encryption-luks2/3286
>
> So I enter following commands:
>
> # mount -o remount,ro /boot
> # install -m0600 /dev/null /tmp/boot.tar
> # tar -C /boot --acls --xattrs --one-file-system -cf /tmp/boot.tar .
> # umount /boot/efi
> # umount /boot
> # cryptsetup -y luksFormat --type luks1 /dev/nvme0n1p3
> WARNING: Device /dev/nvme0n1p3 already contains a 'ext4' superblock signature.
>
> WARNING!
> ========
> This will overwrite dataon /dev/nvme0n1p3 irrevocably.
>
> Are you sure? (Type 'yes' in capital letters); YES
> Device /dev/nvme0n1p3 is in use. Cannot proceed with format operation.
>
> Uh, not what I expected. So i start to investigate:
>
> # grep /dev/nvme0n1p3 /proc/mounts
> # lsof | grep /dev/nvme0n1p3
> # lsof /dev/nvme0n1p3
> # fuser /dev/nvme0n1p3
>
> So:
> - umount succeeded
> - /proc/mounts, lsof, fuser don's show any sign that the partition is in use
>
> BUT:
>
> strace cryptsetup luksFormat --type luks1 /dev/nvme0n1p3 2>&1 | \
> egrep '(nvme0n1p3|close)'
>
> shows
>
> openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDONLY|ODIRECT) = 3
> close(3)
> openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDONLY|O_NONBLOCK|OCLOEXEC) = 3
> close(3)
> openat(AT_FDCWD, "/dev/nvme0n1p3", O_RDWR|OEXCL) = -1 EBUSY (Device or resource busy)
>
> So there must be something holdig a hand on the partition.
>
> Any idea what that might be?
No ideas on this one?
--
Josef Wolf
jw at raven.inka.de
More information about the ubuntu-users
mailing list