recover data from LUKS2+integrity device with bogus checksum
I created an encrypted+authenticated device, accidentally trashed the checksum and am now getting "INTEGRITY AEAD ERROR"s in dmesg when trying to access the data on the device. I now struggle to disable the checksum (temporarily) to access the data again. integritysetup has --integrity-recovery-mode, but cryptsetup does not. Also, I'm unable to serially unlock the integrity-device and the crypt-device (most probably they're somewhat entangled, and "crypt on top of integrity" is too simple a picture here).
Steps to reproduce:
> dd if=/dev/zero of=raw bs=1M count=1024
> losetup loop0 raw
> echo key > key
> cryptsetup luksFormat /dev/loop0 --integrity hmac-sha256 --integrity-no-wipe --key-file $(pwd)/key
> cryptsetup luksOpen /dev/loop0 test --key-file key
> base64 < /dev/mapper/test | uniq
base64: read error: Input/output error
This is expected - but what can I do to access the data on the drive? Adding --integrity-recovery-mode to the cryptsetup luksOpen command above will not work, neither will setting /sys/block/dm-0/integrity/read_verify (the latter does not even work with a plain integrity device).
Regards, Erich