Bug#576635: Acknowledgement (Unable to access an encrypted root partition after a failed resume)
- To: 576635@bugs.debian.org
- Subject: Bug#576635: Acknowledgement (Unable to access an encrypted root partition after a failed resume)
- From: Daniel Burrows <dburrows@debian.org>
- Date: Sun, 20 Jun 2010 14:34:33 -0700
- Message-id: <20100620213433.GA20912@emurlahn.burrows.local>
- Reply-to: Daniel Burrows <dburrows@debian.org>, 576635@bugs.debian.org
- In-reply-to: <handler.576635.B.127052696728218.ack@bugs.debian.org>
- References: <20100406040923.GA5159@emurlahn.burrows.local> <handler.576635.B.127052696728218.ack@bugs.debian.org>
I finally got around to looking at the image I took.
The encryption seems to be perfectly fine: there's a LUKS header in
the block device, and I can open it up using cryptsetup.
The trouble seems to be that it's not recognized as a physical LVM
volume. Comparing it to a working physical volume, I notice that the
working volume starts off with 0x200 NULs, then "LABELONE" followed by
"LVM2 001", 32 random alphanumeric characters, and then some binary data,
followed by lots of NULs. At 0x1004, the working volume contains the
string " LVM2 x[5A%r0N*>" followed by a bit more binary data; at 0x1200,
there's what appears to be a volume group configuration.
On the broken volume, "LABELONE" and the first occurrence of "LVM2 001"
are missing. However, I do see "LVM2 x[5A%r0N*>" at 0x1004 and what
appears to be volume group configuration at 0x1200.
My hunch is that the physical volume's information is still present,
but the magic strings that LVM uses to recognize it as a physical volume
have gone missing. It almost looks like the first 4096 (0x1000) bytes
of the partition were overwritten with garbage. I might be able to
recover everything if I can just create a correct PV header at the front
of the device. Is there any documentation on what the format of a PV
header is? I couldn't find anything online.
Also, any suggestions about how to identify the culprit that was
responsible for the overwrite? The first few lines of the hexdump are:
00000000 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 |................|
*
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 08 00 00 00 04 00 00 00 e1 7a 54 3f f6 28 5c 3f |.........zT?.(\?|
00000050 80 30 4f f5 ae 7f 00 00 10 00 00 00 04 00 00 00 |.0O.............|
00000060 9a 99 59 3f ae 47 61 3f 80 30 4f f5 ae 7f 00 00 |..Y?.Ga?.0O.....|
00000070 20 00 00 00 04 00 00 00 c1 ca 61 3f c3 f5 68 3f | .........a?..h?|
00000080 80 30 4f f5 ae 7f 00 00 30 00 00 00 08 00 00 00 |.0O.....0.......|
00000090 b8 1e 65 3f 83 c0 6a 3f 90 30 4f f5 ae 7f 00 00 |..e?..j?.0O.....|
000000a0 40 00 00 00 08 00 00 00 a8 c6 6b 3f d7 a3 70 3f |@.........k?..p?|
It repeats like that for several pages.
I did find some references to the "--restorefile" option to pvcreate;
it sounds like I could maybe recover the physical volume using that
option, assuming that the metadata I extracted from the volume is
correct. I've saved the first megabyte of the unencrypted device in
its broken state for future reference, in case it's useful for
diagnosing what happened.
Daniel
Reply to: