Ok, another question for #Linux users. I have all my storage on #luks 2 encrypted volumes with #cryptsetup . I like to be able to shut off one harddrive (which is in a bay with a switch.) I had a nice little script to unmount, close the volume, and then put the drive to sleep so I could safely shut it off. But recently cryptsetup has been failing to actually close volumes. I suspect it's because I enabled the KVM module after I ran across this: https://alext.mail.at/post/cryptsetup-close-crypt-fails-with-device-crypt-is-still-in-use So probably a namespace.

The problem is I have no clue how to use that... I can't find whatever is holding it and can't unlock it.

What I really need is something I can put in that script...

I don't really want to disable the KVM module just for that.

EDIT: I have lsof all up the wazoo. It finds nothing.

Today's desktop computer challenge: For the case I need access to my home desktop from remote, I trigger boot through wake on LAN and then remotely unlock the encrypted hard disks through SSH.

The challenge: Two encrypted hard disks. Solution: For the second hard drive add a key file located on the first hard disk as additional slot through cryptsetup, update the configuration in `/etc/crypttab`. Done.

1/n

#ubuntu #dropbear #cryptsetup #wol

#linux #cryptsetup #luks are there any practices surrounding rotating the volume key using `cryptsetup reencrypt <cryptvolume>`?

IIUC, when the header is stolen it is possible to determine exactly which key/passphrase is the correct one. So by exfiltrating the header alone, one could theoretically start cracking. So reencrypting would prevent a stolen header from being useful for too long a long time afterwards.

Granted, it is a bit hypothetical. #security #encryption #confidentiality