Trying to change LUKS passphrase in Qubes 4.1 I can’t figure out which I need to use. (as with most of the replies above).
Running lsblk -fs | head -n 40 I get:
(you can’t copy / paste from dom0) so this is rough:
loop0
loop1
. . .
loop 20
sda1 500 M 25%/boot
-sda
qubes_dom0-root–pool-tmeta
. . .
M2 001
- nvme0n1p1 crypto-LUKS 2
. . .
qubes_dom0-root–pool-tdata
M2 001
- nvme0n1p1 crypto-LUKS 2
Nothing I try comes up as a valid device using;
sudo cryptsetup luksDump // | grep Key.Slot
Where is anything remotely likely like /sda/nvme0n1p1 or
/qubes_dom0-root/M2001/nvme0n1p1
Or any combination I can think of. So any helpful ideas of what constitutes the ‘’ would be gratefully appreciated.
Not sure what @Scumbag means by the ‘base command’. And I’m wary of messing with cryptsetup so if I’m unsure I’m going with ‘do nothing’.
The only thing recognisable is the sda1 or sda and crypto-LUKS 2 is not under that.
luksDump requires a and that’s the problem I’m trying to get luksDump to solve. Catch 22.
And all the documentation I can find assumes you know the .
You can do so.
You can copy in dom0 and then use qui-clipboard to copy the dom0 clipboard
contents,so they can be passed to a qube using normal Ctrl+Shift+V
operation.
Or you can redirect output to a file,and then used qvm-copy-to-vm
to copy the file to a qube.
It might have helped if you had given details of what you had tried. (I
know that nothing you tried worked,but I don’t know what you did try.)
Or if you had given details of your disks.
If I understand your output correctly, you have /boot on /dev/sda2 and
the encrypted Qubes install on nvme drive.
I would try /dev/nvme0n1p1
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
I just wrote a long answer with the output of the above . . . but outputting:
sudo cryptsetup luksDump /dev/nvme0n1p1 (like you said) to stdout or into a text file does give a suitable output. That’s what @Scumbag meant by the base command.
or any variant of that does not work so I can’t know for sure that key slot is enabled and I daren’t risk getting totally shut out if it isn’t and I’ve removed the original passphrase which, of course, does work.
Is there another way to check the new passphrase will work? Just rebooting and trying it fails and I have to use the old one to get in.