修复 efi 启动后 Luks2 不接受解锁密码

修复 efi 启动后 Luks2 不接受解锁密码

我有 2 个不同品牌和容量的 USB,使用 Kali 的磁盘工具用 Luks2 加密。在纠正启动问题并纠正路径后,我能够访问磁盘,但之后,他们根本不接受密码。我用另外一个盘测试了一下,运行正常。部门的某些变化会是原因吗?!

WD-1TB-LUKS2: /dev/sdd (/dev/sdd1)

LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           afa33689-994f-4bfb-b68a-95166bedab82
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  11
        Memory:     1048576
        Threads:    4
        Salt:       96 09 fc 6e aa 98 0c 72 26 2f ba ec cb e0 c7 e8 
                    ac a5 eb 85 b7 6b a9 e0 b6 3c e0 04 a8 76 f7 3c 
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 319298
        Salt:       4e a7 01 b3 da 77 af 03 a6 e1 2f ea a4 aa 89 92 
                    bd c2 bc bc 92 32 63 6c eb fc 80 58 02 42 94 4b 
        Digest:     f7 4c 33 2b 1b 23 de 36 36 2d d5 e8 57 8d 6e 09 
                    fa 0b 50 88 ed e3 9a d6 76 5f 90 42 e4 48 ea 10

第二盘

HDD-LUKS2-500GB
LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           20f8e19c-a37d-4049-91d4-571e14a02efa
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  7
        Memory:     1048576
        Threads:    4
        Salt:       9f 98 26 e8 5f 2d d2 78 f8 ac 87 d1 a9 40 05 56 
                    d7 4b b3 35 e0 2f 84 bf 7e 48 5b 69 14 ff 1a db 
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 320861
        Salt:       13 4c f8 91 c9 25 cb b9 ef b4 2b 25 36 a8 d7 d8 
                    90 c1 36 0e 2c cf 51 04 b1 3c e1 54 04 1c 42 35 
        Digest:     d8 a0 c5 d8 7b 09 a9 a3 d4 07 af 09 da 41 2e e3 
                    6e c5 d2 e0 33 95 fc 12 d0 21 98 58 5c 5a 12 0b

仅适用于 Luks2 的工作磁盘:

HDD-32GB0-WD    

LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           5948fcd5-e99d-4c53-991b-459b60cce38f
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 4096 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  10
        Memory:     1048576
        Threads:    4
        Salt:       ed ad 79 93 45 58 0f 41 93 75 1f 1b a5 85 48 43 
                    3b db 27 73 95 ed de 6c 79 46 48 12 c7 60 96 48 
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 302706
        Salt:       62 80 da cb 32 b6 1d 71 3c 36 e3 7c 91 35 2c 4b 
                    a1 34 25 27 33 a1 dc 24 bf b4 f7 47 08 d2 20 3c 
        Digest:     e0 e1 03 bb 4a 04 5e 93 32 5d 91 c2 b3 db 01 f1 
                    ee 48 f5 76 70 c9 63 33 65 40 19 fb d3 71 68 55


磁盘信息...

Crypttab output
$cat /etc/crypttab   
# <target name> <source device>         <key file>      <options>

$sudo blkid -t TYPE=crypto_LUKS -o device                                                                                                                                                                                           2 ⨯
/dev/sdd1
/dev/sdc1

lsblk output

sdc                   8:32   0 465,8G  0 disk 
└─sdc1                8:33   0 465,8G  0 part 
sdd                   8:48   0 931,5G  0 disk 
└─sdd1                8:49   0 931,5G  0 part

More info and test :

$sudo fdisk -l                              
Disk /dev/sdc: 465,76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: Touro Mobile 3.0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x5dc1c757

Device     Boot Start       End   Sectors   Size Id Type
/dev/sdc1        2048 976773119 976771072 465,8G e8 unknown


Disk /dev/sdd: 931,51 GiB, 1000204885504 bytes, 1953525167 sectors
Disk model: Expansion       
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x1c5a16fb

Device     Boot Start        End    Sectors   Size Id Type
/dev/sdd1        2048 1953523711 1953521664 931,5G e8 unknown
                                

$ sudo blockdev --getsize64 /dev/sdc1                                                                                                                                                                                                
500106788864                                
                 
$ sudo blockdev --getsize64 /dev/sdd1   
1000203091968                 
                 
                 
sudo parted /dev/sdc unit s print free
Model: HGST Touro Mobile 3.0 (scsi)
Disk /dev/sdc: 976773168s
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags: 

Number  Start       End         Size        Type     File system  Flags
        2s          2047s       2046s                Free Space
 1      2048s       976773119s  976771072s  primary
        976773120s  976773167s  48s                  Free Space

        
        
$ sudo parted /dev/sdd unit s print free
Model: Seagate Expansion (scsi)
Disk /dev/sdd: 1953525167s
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags: 

Number  Start        End          Size         Type     File system  Flags
        2s           2047s        2046s                 Free Space
 1      2048s        1953523711s  1953521664s  primary
        1953523712s  1953525166s  1455s                 Free Space
        
        
        
sudo cryptsetup --debug --verbose luksOpen /dev/sdc1 Device  
[sudo] senha para rocket: 
# cryptsetup 2.5.0 processing "cryptsetup --debug --verbose luksOpen /dev/sdc1 Device"
# Verifying parameters for command open.
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdc1.
# Trying to open and read device /dev/sdc1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sdc1.
# Crypto backend (OpenSSL 3.0.7 1 Nov 2022 [default][legacy]) initialized in cryptsetup library version 2.5.0.
# Detected kernel Linux 5.16.0-kali3-amd64 x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdc1.
# Opening lock resource file /run/cryptsetup/L_8:33
# Verifying lock handle for /dev/sdc1.
# Device /dev/sdc1 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdc1
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:684ff912851560ae94bd6d4af4ec447040f62dae3f7596e2aed9f7a05fe74e82 (on-disk)
# Checksum:684ff912851560ae94bd6d4af4ec447040f62dae3f7596e2aed9f7a05fe74e82 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdc1
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:00a1dd76822bd4f47afda8191840b95a1d2f8448419f4f7d89ade082bbd08e31 (on-disk)
# Checksum:00a1dd76822bd4f47afda8191840b95a1d2f8448419f4f7d89ade082bbd08e31 (in-memory)
# Device size 500106788864, offset 16777216.
# Device /dev/sdc1 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume Device using token (any type) -1.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.45.0.
# Device-mapper backend running with UDEV support enabled.
# dm status Device  [ opencount noflush ]   [16384] (*1)
No usable token is available.
# Interactive passphrase entry requested

返回错误的密码。

使用此信息和其他信息,阅读信息 ->https://unix.stackexchange.com/a/248553 https://superuser.com/questions/1740773/unsure-if-i-encrypted-external-hdd- Correctly-with-luks https://bbs.archlinux.org/viewtopic.php?id=280531和别的...

相关内容