VeraCrypt icon indicating copy to clipboard operation
VeraCrypt copied to clipboard

Published 20 hours ago verified publisher icon veracrypt

Issue related to ext4 and lazy Initialisation

Open kidburglar opened this issue 3 years ago • 8 comments

Hello, I was playing with an outer and hidden volume that I created through veracrypt command line with ext4 for outer and hidden volume. After a time I got the veracrypt protection for the hidden volume.

It was weird that it was still triggered later when I remount the drive. By setting block_dump to "1" for debuging the command dmesg showed that.

blk_update_request: operation not supported error ... sector xxx op ... (WRITE_ZEROES)...
ext4lazyinit: WRITE block xxx...

I guess that by default lazy initialisation is enabled and it continue in background any time on the outer volume. What's a bigger issue when it's triggered it continue to trigger the veracrypt protection.

Expected behavior

Doesn't trigger the veracrypt protection and avoid to have it in a loop when it's mounted. It need to done the initialisation when we do mkfs, it's slower but it would prevent the problem (https://linuxluvr.blogspot.com/2017/06/how-to-disable-ext4-lazy-initialisation.html)

Observed behavior

One the protection is triggered I can try to remount my outer volume after a system reboot but it's keep triggering veracrypt protection.

Steps to reproduce

  1. Extract veracrypt console
  2. Removed all my partition with cfdisk and make 1 partition for my whole hard drive
  3. veracrypt -t -c --volume-type=normal --filesystem=ext4 --random-source=/dev/urandom /dev/sda1
  4. veracrypt -t -c --volume-type=hidden --filesystem=ext4 --random-source=/dev/urandom /dev/sda1

Screenshots

None

Your Environment

VeraCrypt version: 1.24-Update7

Operating system and version: I got it on Debian 10 but to be sure it was not related I reproduced on Tails too

System type: 64-bit

Note I cannot use the GUI wizard because when I try to make a hidden volume it doesnt ask how big I want it. I got the error message that I need a 4K sector kind of hard drive for more than 2To hidden volume but I want only do a 50Go. I always got this kind of message on Linux with hard drive bigger than 2To but when making the volume on windows it worked without issue so I think it's an issue with the linux version but I think it's unrelated to the lazy initialisation issue.

I wanted to ask in same time if for furter testing I can use --quick option because any new volume making take much time. Thanks for your help.

kidburglar avatar Apr 15 '21 08:04 kidburglar

Little update, I try to make the volume with filesystem=none so I can frmat them manually but at my first write on the outer volume it protected the hidden volume. By reading the dmesg I see a "lost async page write" error so maybe ext4 is not really a good candidate for veracrypt?

kidburglar avatar Apr 15 '21 19:04 kidburglar

Hello @idrassi

Any thought about that? It's a common issue? I did something wrong?

kidburglar avatar Sep 29 '21 20:09 kidburglar

Hello @idrassi

There is any possibility to have an answer on this issue? Cheers.

kidburglar avatar Nov 07 '21 02:11 kidburglar

Hi @kidburglar,

Normally disabling lazy initialization should solve the problem since all inode tables and the journal will be initialized with zeroes during formatting. This could be done by creating the outer volume without any filesystem like what you did and then mount and use the command "mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/mapper/veracryptX" to format it (replace X in the actual VeraCrypt slot number used for mounting).

Did you use the same way?

idrassi avatar Nov 07 '21 13:11 idrassi

Hello @idrassi

I think I did something similar, I don't have an empty hard drive right now to make a new test.

But I think it must be by default in Veracrypt for avoiding issues related to the protection of the hidden volume. If I have a new drive, I could give it a try.

Can you check my latest question too, please?

I cannot use the GUI wizard because when I try to make a hidden volume it doesnt ask how big I want it. I got the error message that I need a 4K sector kind of hard drive for more than 2To hidden volume but I want only do a 50Go. I always got this kind of message on Linux with hard drive bigger than 2To but when making the volume on windows it worked without issue so I think it's an issue with the linux version but I think it's unrelated to the lazy initialisation issue.

I wanted to ask in same time if for furter testing I can use --quick option because any new volume making take much time. Thanks for your help.

kidburglar avatar Nov 08 '21 09:11 kidburglar

This is interesting, when I setup my encrypted partition

Slot: 1 Volume: /dev/redacted Virtual Device: /dev/loop0 Mount Directory: /mnt/redacted Size: 6.7 TiB Type: Normal Read-Only: No Hidden Volume Protected: No Encryption Algorithm: redacted Primary Key Size: 256 bits Secondary Key Size (XTS Mode): redacted Block Size: 128 bits Mode of Operation: redacted PKCS-5 PRF: redacted Volume Format Version: 2 Embedded Backup Header: Yes

I noticed continuous errors in the system log, such as

[3497991.210344] operation not supported error, dev loop0, sector 125853952 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497991.946412] operation not supported error, dev loop0, sector 125858048 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497992.806334] operation not supported error, dev loop0, sector 125862144 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497993.642341] operation not supported error, dev loop0, sector 125866240 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497994.410335] operation not supported error, dev loop0, sector 125870336 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497995.302377] operation not supported error, dev loop0, sector 125874432 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497996.042397] operation not supported error, dev loop0, sector 125878528 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 [3497996.966300] operation not supported error, dev loop0, sector 125882624 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2

By running:

mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /tmp/.veracrypt_aux_mnt1/volume

I was able to get rid of the error messages,

there might be some more information here:

[https://unix.stackexchange.com/questions/603896/write-zeroes-not-supported-on-loop-devices](https://unix.stackexchange.com/questions/603896/write-zeroes-not-supported-on-loop-devices

Kernel version is 6.1

Thank you! )

M-Stenzel avatar Jan 10 '24 12:01 M-Stenzel

A last update, you should run the mkfs.ext4 on the _un_mounted device, not the mounted device!

M-Stenzel avatar Apr 25 '24 10:04 M-Stenzel

Hello @M-Stenzel

I didn't try again from last time because I just have no new drive to format and at the end to be compatible with Windows and Linux, I started to use something like NTFS or exFAT.

If it works properly, I think it would be something good to enable these option by default so that it is easy to be done without using the command line.

What do you think @idrassi

kidburglar avatar Apr 25 '24 10:04 kidburglar