Tuesday, February 9, 2010


Just like the last 2 years, I joined the FOSDEM fun. Just like every year there were lots of awesome beers, chocolates, waffles and of course conference full of awesome hackers from all over the world & their awesome talks. In short, the same old 'awesome' experience. Also I finally got to meet Jens George (phako) in person. Another thing that went it a totally unusual (and unexpected) direction was my home directory. Here is how it went:

Early Sunday morning (8:00) my alarm goes off to wake me up in time for my 10:15 am talk. I manage to get up after half an hour of snoozing the alarm, get ready (including getting a shower out of almost non-functional shower), back-up my slides on USB stick and manage to get to the conference room 10 minutes before the talk along with my room-mates, Marc-Andre and Juerg. Failed to get anything to eat or even a cup of coffee before that.

I open-up the lid of my laptop to find out that it won't be able to wake-up from suspend. No problems, happens all the time even since I moved to Ubuntu so I apply the usual solution: Forced reboot. When the system boots I get into another issues that I had been having ever since I moved to Ubuntu: Soon after I provide the password for my encrypted partition (home and swap), I am told that home partition could not be mounted. No problems, I again apply the usual solution: Hit escape key to get to a root shell, where I do this:

# cryptsetup remove home
# cryptsetup create home /dev/sda6
Enter passphrase:
# mount /home

Normally, at this point I just hit CTRL+d and normal boot sequence resumes and everyone on the laptop lives happily ever after. However, this time thats not what happens. `mount` says:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/home,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

This has also happened before but usually this means I mistyped the password and I just have to repeat the above procedure. However, after trying several times, I keep getting the same message. I give-up and lend Marc-Andre's laptop for the slides show. After the presentation, I tried everything and asked everyone I knew who might have any clues but no help came.

Since I get the same questions each time I tell this story to anyone, I thought I append this blog entry by an FAQ:

Q: Why on earth are you encrypting your partitions:
A: Nokia security policy.

Q: What makes you so sure that you haven't just forgotten the password.
A: Because I keep the exact same password for both the partitions and I am able to successfully decrypt one of them.

Q: Have you tried looking at `dmesg | tail`?
A: Yes, nothing in there.

Q: Have you tried fsck?
A: Yes, that can't make any sense out of the "unencrypted" block device either. Because of this, I suspect something is wrong on the actual (encrypted) device, which fsck can not help with.


Jason said...

This is from memory.

If memory serves, I had the exact same error message on an encrypted external USB drive.

It turned out that the USB interface was not re-setting correctly - a known problem with that model of drive (Lacie BigDisk).

Perhaps then, it is a similar controller / interface issue?

I would try putting the drive in an external enclosure and trying it that way.

Sorry if that's not much help, it's the best I've got.

Unknown said...

Use LUKS dude.
I were playing with plain cryptsetup volumes some time. They are good if you want to hide filsesystem in file(because theres no header/container, so you cannot say if typed password(key) is good, unless you know what FS should be there). LUKS is not only better because it contain header/container, so its easier to manage/recover/tell if password was good. But you can have multiple passphrase/use pendrive to store password[any file can be], but you can change it whenever you want w/o recrypting FS, because passphrase isnt key used directly to decrypt FS, but to decrypt real key.

zeenix said...

Yeah, I realized that main problem was me not using LUKS. At the time when i created these partitions, I didn't know cryptsetup creates non-LUKS if you don't use the LUKS extension commands. OTOH, I don't think I knew the difference between dm-crypt & LUKS either. :(

Dieter_be said...

Heh. It looks like you only encrypt because of Nokia's policy.
I think it's very good Nokia has such a policy. Encrypting your laptop really is a very good thing and I recommend it to everyone.

Anonymous said...

dieter_be: if there only wouldn't be the problem, that encryption makes swap that incredibly slow that a clean boot is significantly faster than resuming from suspend mode.