We have moved to a new Sailfish OS Forum. Please start new discussions there.
2

Encrypted SDCard - All key slots full

asked 2019-10-30 16:42:26 +0200

jollajo gravatar image

After automatic unlock & mount of encrypted SD card has not made it into 3.2.0.12 again I wanted to do it by my own. Up to now I use the 'official' Sailfish way to encrypt the card. It's a pain that automatic unlock & mount is missing and we have to remember to enter password. Also tracker doesn't work for encrypted cards as it is started before the partition is mounted.

The first step would be to add a random key file as a key to luks. Any operations on the console fail as Sailfish claims the device was busy. So I shut down the phone and inserted the card into my PC (Ubuntu).

When I enter

sudo cryptsetup luksAddKey  /dev/mmcblk0p1 /root/random_data_keyfile1
Enter any existing passphrase: 

All key slots full

Also luksDump shows data for all slots. As I have only given one passphrase when the card was encrypted I'm pretty surprised the other 7 slots are in use. Do you have an idea why they're used or if I can delete one of the slots?

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
0

answered 2019-11-05 22:31:51 +0200

jollajo gravatar image

Finally I looked into those occupied slots of the LUKS encrypted sdard:

I inserted the sdcard into the (linux) pc made a backup and killed all slots but not the first on (slot 0)

cryptsetup luksKillSlot /dev/mmcblk1p1 7
cryptsetup luksKillSlot /dev/mmcblk1p1 6
cryptsetup luksKillSlot /dev/mmcblk1p1 5
cryptsetup luksKillSlot /dev/mmcblk1p1 4
cryptsetup luksKillSlot /dev/mmcblk1p1 3
cryptsetup luksKillSlot /dev/mmcblk1p1 2
cryptsetup luksKillSlot /dev/mmcblk1p1 1

Then I unmounted the card reinserted it into the XA2+, started the phone and everything worked as before.

In addition I managed to automount the card. Will describe it in that thread: https://together.jolla.com/question/197178/automount-encrypted-sdcard-with-key-file/

edit flag offensive delete publish link more

Comments

It is better to do that on your Jolla device (using its cryptsetup version), as described in chapter 4.3 of the "Guide: Creating partitions on SD-card, optionally encrypted".

olf ( 2019-11-06 00:38:48 +0200 )edit

I can't find any reference to my problem that all slots were already taken.

jollajo ( 2019-11-06 01:14:58 +0200 )edit

Well, this is a consequence of encrypting the SD-card per SailfishOS Settings -> Storage.

True, thanks to your research I may add a section "How to retain a partition (and the data on it) encrypted per SailfishOS' Settings -> Storage" in aforementioned guide. Using it blindly in its current state would lead a user to reinstanciate the encryption and reformat the partition, which resolves "all key-slots already taken" as well.

olf ( 2019-11-06 01:55:54 +0200 )edit
Login/Signup to Answer

Question tools

Follow
3 followers

Stats

Asked: 2019-10-30 16:42:26 +0200

Seen: 475 times

Last updated: Nov 05 '19