Resending since some mail providers don’t like my work address
I’ve followed the instructions here http://public.dhe.ibm.com/software/dw/linux390/docu/l5n1dc03.pdf and this very helpful presentation from suse here http://vmworkshop.org/2019/present/pencrypt.pdf My device fails to open at boot though. xxxxxxxx:/tmp # systemctl status systemd-cryptsetup* ● systemd-cryptsetup@enc\x2de000.service - Cryptography Setup for enc-e000 Loaded: loaded (/etc/crypttab; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2020-06-26 12:00:01 CDT; 40min ago Docs: man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8) Process: 3574 ExecStart=/usr/lib/systemd/systemd-cryptsetup attach enc-e000 /dev/disk/by-id/ccw-0XE000-part1 /etc/luks_keys/enc-e000 luks (code=exited, status=1/FAILURE) Main PID: 3574 (code=exited, status=1/FAILURE) Jun 26 12:00:01 xxxxxxxx systemd[1]: Starting Cryptography Setup for enc-e000... Jun 26 12:00:01 xxxxxxxx systemd-cryptsetup[3574]: crypt_load() failed on device /dev/disk/by-id/ccw-0XE000-part1. Jun 26 12:00:01 xxxxxxxx systemd-cryptsetup[3574]: Failed to activate: Invalid argument Jun 26 12:00:01 xxxxxxxx systemd[1]: systemd-cryptsetup@enc\x2de000.service: Main process exited, code=exited, status=1/FAILURE Jun 26 12:00:01 xxxxxxxx systemd[1]: Failed to start Cryptography Setup for enc-e000. Jun 26 12:00:01 xxxxxxxx systemd[1]: systemd-cryptsetup@enc\x2de000.service: Unit entered failed state. Jun 26 12:00:01 xxxxxxxx systemd[1]: systemd-cryptsetup@enc\x2de000.service: Failed with result 'exit-code'. This is SLES 12 SP5 with very current maintenance. Just running the what it appears systemd crypt generator is doing here is doing also results in error xxxxxxxx:~ # /usr/lib/systemd/systemd-cryptsetup attach 'enc-e000' '/dev/disk/by-id/ccw-0XE000-part1' '/etc/luks_keys/enc-e000' 'luks' crypt_load() failed on device /dev/disk/by-id/ccw-0XE000-part1. Failed to activate: Invalid argument any ideas? What’s the invalid argument? /etc/crypttab has this enc-e000 /dev/disk/by-id/ccw-0XE000-part1 /etc/luks_keys/enc-e000 luks And it exists with the random stuff in it: sets-dev2:~ # ls -al /etc/luks_keys/enc-e000 -r-------- 1 root root 4096 Jun 25 19:36 /etc/luks_keys/enc-e000 And it was added to the header with cryptsetup luksAddKey successfully xxxxxxxx:~ # cryptsetup luksDump /dev/disk/by-id/ccw-0XE000-part1 LUKS header information Version: 2 Epoch: 6 Metadata area: 12288 bytes UUID: 411b989b-caca-4536-ad1b-566cc2fb61c7 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 4194304 [bytes] length: (whole device) cipher: paes-xts-plain64 sector: 4096 [bytes] Keyslots: 0: luks2 Key: 1024 bits Priority: normal Cipher: aes-xts-plain64 PBKDF: argon2i Time cost: 4 Memory: 376327 Threads: 2 Salt: c6 a4 d5 82 63 e7 93 3f 73 9f 17 e6 a1 20 a9 b1 a1 e2 74 4e 61 64 92 dc 48 8d 91 db 91 94 fa f7 AF stripes: 4000 Area offset:32768 [bytes] Area length:512000 [bytes] Digest ID: 0 1: luks2 Key: 1024 bits Priority: normal Cipher: aes-xts-plain64 PBKDF: pbkdf2 Hash: sha256 Iterations: 897752 Salt: 25 be b8 01 c7 47 aa db 65 fa a1 1a ee 7d 3c 22 ec f2 91 d2 95 3e e1 3a 6a 6e be 3e 0a ce 23 59 AF stripes: 4000 Area offset:544768 [bytes] Area length:512000 [bytes] Digest ID: 0 2: luks2 Key: 1024 bits Priority: normal Cipher: aes-xts-plain64 PBKDF: pbkdf2 Hash: sha256 Iterations: 903944 Salt: 7c fc d3 1e 60 20 81 87 60 84 b9 eb 0e d1 3b 6d 50 5b cb 37 e6 6b 74 9c 94 96 c6 47 69 c0 d1 e7 AF stripes: 4000 Area offset:1056768 [bytes] Area length:512000 [bytes] Digest ID: 0 Tokens: 0: paes-verification-pattern Digests: 0: pbkdf2 Hash: sha256 Iterations: 14099 Salt: 59 5a a7 80 37 b8 a2 46 59 68 5d af 32 9c 76 d8 eb 8e ea c4 14 fc e0 21 de f0 2a e8 76 25 4c f5 Digest: 32 b4 aa 25 a9 22 6f 3c 7c 7f 0e 67 98 20 11 0f 0e c5 df 8d 47 f5 f5 0c 58 ee 5f b1 5a cc 50 e1 I can luksOpen with the passphrase successfully. And for grins: xxxxxxxx:~ # zkey list Key : xtskey-e000 ------------------------------------------------------------------------------------- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : /dev/disk/by-id/ccw-0XE000-part1:enc-e000 APQNs : 00.002d 01.002d Key file name : /etc/zkey/repository/xtskey-e000.skey Sector size : 4096 bytes Volume type : LUKS2 Verification pattern : cbd966000f0da3bf675923fc44332bac 84100bb540f6b00f596b76ceacf9cb41 Created : 2020-06-25 19:12:33 Changed : 2020-06-26 11:47:02 Re-enciphered : (never) Marcy Cortes VP/Principal Engineer, z/VM and Linux on IBM z Systems Technology Infrastructure / Core Engineering / Mainframe/Midrange Services (MMS) Wells Fargo Bank | MAC A2809-010 | San Francisco Cell 415-517-0895 marcy.d.cor...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -- Marcy ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390