Clonezilla / Feature Requests / #59 Support for unlocking and reading from encrypted LUKS partitions

matt wilbur - 2014-05-30

I would really, really, really also like this. I've recently been faced with cloning dozens of 1TB LUKS encrypted volumes and from a security standpoint it would be fine to unlock and then back up the unprotected volumes.. to speed up imaging/recovery process.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Steven Shiau - 2014-06-13

So what's the device name after you use cryptsetup to unlock it?
Is it /dev/mapper/xxx or?

Steven.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- matt wilbur - 2014-06-13
  
  Steven,
  
  /dev/mapper/xxx ..
  
  Please me know if I can do anything to help from here, would be happy to
  help..
  
  matt
  
  On 6/13/14 6:53 AM, Steven Shiau wrote:
  
  So what's the device name after you use cryptsetup to unlock it?
  Is it /dev/mapper/xxx or?
  
  Steven.
  
  [feature-requests:#59]
  http://sourceforge.net/p/clonezilla/feature-requests/59/ Support for
  unlocking and reading from encrypted LUKS partitions
  
  Status: open
  Group: Next_Release_(example)
  Created: Sat Jul 06, 2013 05:31 AM UTC by E Kastelijn
  Last Updated: Fri May 30, 2014 03:26 AM UTC
  Owner: nobody
  
  More and more Linux based machines are being installed with a LUKS
  encrypted partition these days.
  It would be nice if Clonezilla could detect that a partition is LUKS
  encrypted and then ask the user for the passphrase. As soon as the
  encryped partition is unlocked, the normal backup process can be followed.
  This feature request is different from feature request #40, because a
  LUKS encrypted partition can be unlocked using open source tools
  (cryptsetup).
  
  Sent from sourceforge.net because you indicated interest in
  https://sourceforge.net/p/clonezilla/feature-requests/59/
  
  To unsubscribe from further messages, please visit
  https://sourceforge.net/auth/subscriptions/
  
  Related
  
  Feature Requests: #59
  
  alternate
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Steven Shiau - 2014-06-14

The device name /dev/mapper/ is the most difficult to deal with now. The Clonezilla codes have to be revised and patched so that not only /dev/cciss/c?d? but also /dev/mapper/* could be scanned and processed.
One thing it's more complicated than /dev/cciss/ is, its naming is wild. Not like cciss, the pattern is c?d?...
We will try to find some time to implement this. However, it's not in the near future.
BTW, patches are welcome.

Steven.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- matt wilbur - 2014-06-14
  
  Understood. I've been kind of amazed that with cryptsetup luksOpen one
  can choose whatever they like as a volume name (that becomes
  /dev/mapper/foo). I'd have thought they'd stuff a volume name in the
  LUKS header but they don't.
  
  Do you have a general direction/module/script/chunk of code I should
  begin with to try and fix this? If you're too busy I completely
  understand.
  
  By the way, THANK YOU for Clonezilla. It's an outstanding piece of
  software my teams and I have used regularly for years.
  
  -Matt
  
  On 6/13/14, 7:20 PM, Steven Shiau wrote:
  
  The device name /dev/mapper//is the most difficult to deal with now.
  The Clonezilla codes have to be revised and patched so that not only
  /dev/cciss/c?d?/ but also /dev/mapper/* could be scanned and processed.
  One thing it's more complicated than /dev/cciss/ is, its naming is
  wild. Not like cciss, the pattern is c?d?...
  We will try to find some time to implement this. However, it's not in
  the near future.
  BTW, patches are welcome.
  
  Steven.
  
  [feature-requests:#59]
  http://sourceforge.net/p/clonezilla/feature-requests/59/ Support for
  unlocking and reading from encrypted LUKS partitions
  
  Status: open
  Group: Next_Release_(example)
  Created: Sat Jul 06, 2013 05:31 AM UTC by E Kastelijn
  Last Updated: Fri Jun 13, 2014 01:53 PM UTC
  Owner: nobody
  
  More and more Linux based machines are being installed with a LUKS
  encrypted partition these days.
  It would be nice if Clonezilla could detect that a partition is LUKS
  encrypted and then ask the user for the passphrase. As soon as the
  encryped partition is unlocked, the normal backup process can be followed.
  This feature request is different from feature request #40, because a
  LUKS encrypted partition can be unlocked using open source tools
  (cryptsetup).
  
  Sent from sourceforge.net because you indicated interest in
  https://sourceforge.net/p/clonezilla/feature-requests/59/
  
  To unsubscribe from further messages, please visit
  https://sourceforge.net/auth/subscriptions/
  
  Related
  
  Feature Requests: #59
  
  alternate
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
  - matt wilbur - 2014-06-14
    
    Never mind I found where to look. Will look at using
    create-cciss-mapping function as an example for luks volumes.
    
    matt
    On 6/13/14 7:55 PM, matt wilbur wrote:
    
    Understood. I've been kind of amazed that with cryptsetup luksOpen one
    can choose whatever they like as a volume name (that becomes
    /dev/mapper/foo). I'd have thought they'd stuff a volume name in the
    LUKS header but they don't.
    
    Do you have a general direction/module/script/chunk of code I should
    begin with to try and fix this? If you're too busy I completely
    understand.
    
    By the way, THANK YOU for Clonezilla. It's an outstanding piece of
    software my teams and I have used regularly for years.
    
    -Matt
    
    On 6/13/14, 7:20 PM, Steven Shiau wrote:
    
    The device name /dev/mapper//is the most difficult to deal with now. The Clonezilla codes have to be revised and patched so that not only /dev/cciss/c?d?/ but also /dev/mapper/* could be scanned and processed. One thing it's more complicated than /dev/cciss/ is, its naming is wild. Not like cciss, the pattern is c?d?... We will try to find some time to implement this. However, it's not in the near future. BTW, patches are welcome. Steven. ------------------------------------------------------------------------ /[feature-requests:#59] <http://sourceforge.net/p/clonezilla/feature-requests/59/> http://sourceforge.net/p/clonezilla/feature-requests/59/ Support for unlocking and reading from encrypted LUKS partitions/ /Status:/ open /Group:/ Next_Release_(example) /Created:/ Sat Jul 06, 2013 05:31 AM UTC by E Kastelijn /Last Updated:/ Fri Jun 13, 2014 01:53 PM UTC /Owner:/ nobody More and more Linux based machines are being installed with a LUKS encrypted partition these days. It would be nice if Clonezilla could detect that a partition is LUKS encrypted and then ask the user for the passphrase. As soon as the encryped partition is unlocked, the normal backup process can be followed. This feature request is different from feature request #40, because a LUKS encrypted partition can be unlocked using open source tools (cryptsetup). ------------------------------------------------------------------------ Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/clonezilla/feature-requests/59/ To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
    
    [feature-requests:#59]
    http://sourceforge.net/p/clonezilla/feature-requests/59/ Support for
    unlocking and reading from encrypted LUKS partitions
    
    Status: open
    Group: Next_Release_(example)
    Created: Sat Jul 06, 2013 05:31 AM UTC by E Kastelijn
    Last Updated: Sat Jun 14, 2014 02:20 AM UTC
    Owner: nobody
    
    More and more Linux based machines are being installed with a LUKS
    encrypted partition these days.
    It would be nice if Clonezilla could detect that a partition is LUKS
    encrypted and then ask the user for the passphrase. As soon as the
    encryped partition is unlocked, the normal backup process can be followed.
    This feature request is different from feature request #40, because a
    LUKS encrypted partition can be unlocked using open source tools
    (cryptsetup).
    
    Sent from sourceforge.net because you indicated interest in
    https://sourceforge.net/p/clonezilla/feature-requests/59/
    
    To unsubscribe from further messages, please visit
    https://sourceforge.net/auth/subscriptions/
    
    Related
    
    Feature Requests: #59
    
    alternate
    
    If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Steven Shiau - 2014-06-14

No no, create-cciss-mapping is not used anymore. Although it might still work, but actually it has some issue. I should remove it from Clonezilla.
We took the patches from Miracle Linux, so now all are in the program:
/usr/share/drbl/sbin/ocs-functions
Those functions, like:
is_supported_dev
is_partition
get_part_number
get_diskname
...

Steven.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Support for unlocking and reading from encrypted LUKS partitions

A partition and disk imaging/cloning program

Group

Searches

Help

#59 Support for unlocking and reading from encrypted LUKS partitions

Related

Discussion

Related

Related

Related