Update: I made this program in 2008. In the meantime, some other guy appears to have written his own, apparently much more complete re-implementation. Feel free to check it out here: https://github.com/bwalex/tc-play – chances are that if that one works for you, I won’t be updating dmsetup-tc anymore.


TrueCrypt® is a multi-platform on-the-fly drive encryption tool. It allows you to encrypt all your data in a filesystem and still use everything normally. On Windows, it supports encrypting the system (boot) partition (or the entire boot drive); you can even make TrueCrypt® encrypt your existing partitions live and continue working (though the I/O performance sucks until it’s finished encrypting everything), pause and resume the encryption process (even across reboots). In short: it’s rather useful.

Even though TrueCrypt® introduced Windows system encryption in version 5.0 in February 2008 (that’s five months ago), its Linux version still doesn’t support accessing these encrypted partitions at all (it does mount “normal” TrueCrypt® volumes though). Since I recently encrypted my entire Windows drive but couldn’t live without the music files stored on it, I now humbly present the result of two wasted nights: a solution.

This just in!

A letter from the friendly folks over at truecrypt.org (®?) notified me that they don’t like my using their trademark TrueCrypt® in the name of my tool. To help avoid uncomfortable situations, I would like to point out to everybody that this tool is called dmsetup-tc and not dmsetup-TrueCrypt®.

To demonstrate that I take trademarks very seriously, I have taken great care in this article to give the trademark all the attention it undoubtedly deserves.

Before you join the fun…

I’d love to take a dive into technical details now but you’ll probably go away before I even get myself warmed up properly, so I’ll try and appease myself by mentioning that I learned lots of new things, including the gory details of XTS and PKCS#5/PBKDF2. Oh, and I first tried patching this stuff into TrueCrypt® but failed mainly due to two reasons: first, TrueCrypt® is written in C++ and it shows in the architecture; second, C++ itself. When I had everything but the correct initialization of the XTS tweak working, I gave up and started writing a separate tool. The positive side: it compiles in about a second and is snappier than TrueCrypt® when it runs, too (and it doesn’t do whatever weird things TrueCrypt® does with FUSE).

Oh, right, I wanted to keep the details out of this. Sorry.

What you need

  • A computer with a little-endian architecture (rule of thumb: if Windows runs on it, you’re fine). Support for big-endian architectures will be added if someone else writes a patch. ;)
  • A Windows sytem partition or drive that has been encrypted (completely; partial encryption is absolutely not supported) with TrueCrypt®. Normal TrueCrypt® partitions are not supported; after all, TrueCrypt® for Linux works fine for them.
  • A Linux system that you want to access the partition(s) from.
  • libgcrypt (tested with version 1.2.4) and its development files.
  • GNU make.
  • A C compiler (tested with GCC 4.2.3).
  • Optionally, experience with C and so on if you want to track down (and fix) bugs or add features.

Install it

  1. Download the source code: dmsetup-tc-0.6.tar.bz2 (updated 15th January 2013). Alternatively, visit the git repository page.
  2. Extract it somewhere.
  3. Run make. You know the drill.
  4. Put the resulting binary wherever you like.

Use it

Now, suppose you’ve got an encrypted system drive on /dev/sda and you want to mount the partition /dev/sda1. Then you just do the following (as root):

.../dmsetup-tc /dev/sda /dev/sda1 | dmsetup create win1

(As of 2 Sep 2012, you can alternatively pass a TC volume header file, i.e. the volume header dumped to a plain file, as the first parameter.)

This will create a DM device /dev/mapper/win1. You can now mount it. Assuming it’s got an NTFS filesystem (and you actually have a mountpoint called /media/win1):

mount -t ntfs-3g -o uid=(your numeric uid),umask=077 /dev/mapper/win1 /media/win1

There, all done. After umounting, remember to remove the DM device so that even root can’t get at your data anymore:

dmsetup remove win1

Important: don’t use dmsetup-tc on its own; always pipe its output directly into dmsetup! It outputs your volume master keys. You don’t want anybody to get a hold of those. There is a certain security risk to piping the data, too (it might get paged out and end up in your swap, which is problematic if you don’t use encrypted swap; additionally, the data from the pipe might reside somewhere in your physical memory for some time, possibly allowing root to read the master key even after you have removed the DM device). You have been warned.

Contribute

I’m developing the tool in a Git repository and you can join in! See the repository page for details.

You can also contribute by sending me feedback, but my capacity for actively adding new features to this tool is very limited.

In either case, thank you very much!

50 responses to this post

  1. Cchild says:

    make
    gcc -O3 -c main.c
    In file included from main.c:43:
    pkcs5.h:4:20: error: gcrypt.h: No such file or directory
    In file included from main.c:43:
    pkcs5.h:6: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘gcry_pbkdf2’
    main.c: In function ‘crypt_init’:
    main.c:181: error: ‘GCRYCTL_INIT_SECMEM’ undeclared (first use in this function)
    main.c:181: error: (Each undeclared identifier is reported only once
    main.c:181: error: for each function it appears in.)
    main.c: In function ‘crypt_derive_key’:
    main.c:192: error: ‘GCRY_MD_RMD160’ undeclared (first use in this function)
    make: *** [main.o] Error 1

  2. Jan says:

    Cchild, you need the libgcrypt header files and so on to be able to compile it. In Debian and Ubuntu that’s the libgcrypt11-dev package.

  3. Cchild says:

    Got it working–needed libgcrypt. But still having trouble creating a mapper device and mounting it.

    Thanks

  4. Cchild says:

    I mistakenly override the truecrypt boot-loader and the rescue disc to my foolishness is an image file located in my documents directory in windows, the drive that is fully encrypted.

  5. Jan says:

    This is a bit inconvenient as a chat system, isn’t it? ;)

    If it dies without an error message or anything like that, it may be helpful to compile it differently: change the CFLAGS line in Makefile to CFLAGS = -O3 -DDEBUG and re-run make.

    If something doesn’t work right, you’ll need to be a bit more specific.

  6. Jan says:

    Things may be salvagable with dmsetup-tc IFF you didn’t overwrite too much. The volume header resides in sector #62; dmsetup-tc should be able to mount the partition if that is still untouched.

  7. Cchild says:

    # ./dmsetup-tc /dev/sda /dev/sda1 | dmsetup create foobar
    Enter passphrase for encrypted volume:
    dmsetup-tc: fatal error: Success

    The above means it works correct–at least creating the mapper device?

  8. Jan says:

    No, that means something doesn’t work correctly but my error handling isn’t good enough to properly tell you what it was (sorry). Please send me an e-mail or subscribe to the blog feed to hear about updates. I’ll have another look at it tomorrow or so.

    In the meantime, you can do the -DDEBUG recompile I suggested above to get a bit more information about where it fails.

    PS. the name of the tool needed to be changed due to trademark issues; I have taken the liberty to slightly edit your comment to reflect this.

  9. Cchild says:

    I noticed the post on the forum was removed–and I figured it was probably due to naming.

    It looks as if I may have to reinstall windows–the only other rescue disk I have is for another system. I used it to restore the truecrypt boot-loader, but it won’t accept my password. I will subscribe to your blog and maybe shoot you an email.

  10. Jan says:

    Bad news, I think: using another rescue disk to restore the bootloader trashes the volume master keys (every rescue disk has a copy of the volume-specific encrypted header, so using the wrong rescue disk restores the wrong header and the wrong keys).

    I think you’re *really* screwed now. If so, you have my sympathy.

  11. Cchild says:

    So in other words, I must reinstall the OS?

  12. Jan says:

    I’m not a certified expert or anything but yes, that’s what it looks like to me.

  13. Cchild says:

    Reinstall should not be a problem–My data is backed up. I may hay a handful files in my Windows home directory that I will lose.

    This is how it happened. I was upgrading (clean install) from openSUSE 10.3 to openSUSE 11.0 and forgot one crucial check–I forgot to tell the boot-loader not to allow writing mbr to disk–since grub currently does not support truecrypt boot-loader.

  14. Andrew says:

    Attempted to use dmsetup-tc on Ubuntu Hardy Heron.

    Drive structure:

    hda: TrueCrypt MBR

    hda1: TrueCrypt system encrypted Windows XP (fully encrypted)
    hda2: GRUB bootloader (chainloads hda1 if pwd supplied at TrueCrypt MBR; also boots Ubuntu)
    Ubuntu 8.04 Hardy Heron
    hda3: swap

    Compiled with: CFLAGS = -O3 -DDEBUG

    Tried to do:

    # dmsetup-tc /dev/hda /dev/hda1 | dmsetup create hda1
    Enter passphrase for encrypted volume:
    Loading header from /dev/hda…
    Deriving header key…
    Decrypting header…
    dmsetup-tc: fatal error: Success
    #

    /dev/mapper/hda1 is created, but I cannot mount it.

    To get a clue, I tried redirecting the output of dmsetup-tc to a file: out.txt.
    The file is empty after running the command.

    I tried permutations of my passphrase, with same result. (Inspecting the main.c file, I think I’d have gotten a little further feedback if the command was working, but I had entered a bogus passphrase.)

    I’ve verified after these attempts that I can successfully restart, enter my passphrase at the TrueCrypt MBR prompt, and boot into Windows XP.

    Using TrueCrypt 6.0a on hda1.

    Any suggestions where I might be going wrong?

  15. [...] Creative Engineering « How to use TrueCrypt®-encrypted Windows system drives on Linux [...]

  16. J. C. Denton says:

    Thanks a lot for the program Jan. Unfortunately, it doesn’t work for me (on a Gentoo Linux system already using DM-Crypt + Luks for Linux system encryption). I actually think your program is fine only when the output is piped to dmsetup that one fails and replies that the device or resource is busy. Can’t figure out what it is, any ideas ? The system layout is Windows system encryption on hda1 (not the entire hard drive, only on that one), plus 2 more partitions encrypted using DM-Crypt + Luks. Maybe it interferes somehow ? Or I got the parameters wrong, why do I have to give the partition and on top of it the disk device ? Can’t that be deduced ? Or is it because your program needs something from the MBR which might be somewhere else ? Thanks a lot. ;)

  17. Jan says:

    For reference, here’s a rough summary of the reply I sent to J.C.’s comment: 1) check the syslog (including dmesg logfile) for relevant information. 2) I vaguely recall that at some point, the loop driver was unable to support multiple loop devices unless compiled as a module.

  18. [...] public links >> truecrypt How to use TrueCrypt-encrypted Windows system drives on Linux Saved by jannideath on Wed 05-11-2008 Useful Software – Truecrypt Saved by omifan92 on Sun [...]

  19. J. C. Denton says:

    Ok, my problem is fixed, and has been for some time. I am really sorry, for not reporting back, but I totally forgot about the question I posted here. Thanks a lot for your mail Jan, but since it is not my regular e-mail I only found it now and was reminded of this.

    Here is the solution, it was very simple: My kernel was simply lacking XTS crypto support, even though the error message given by dmsetup did not give any indication of that at all. You might wanna mention that in the program requirements, though. My current kernel (2.6.25) still has XTS marked as Experimental, but my previous one (.23) didn’t have it at all. So, I guess I am not the only one out there that need to do a kernel update for that. For completeness sake, my system has both the regular loopback device as well as the device mapper crypto target (not the crypto-loop device) coded into the kernel and this works just fine with multiple encrypted volumes. Adding an abitrary number in form of encrypted USB disks seems to work, too. So, I guess there is no limitation.

    Once again I wanna thank Jan for this wonderful tool. I have it running on two computers now, without any problems, and I still keep using it in spite of the new TrueCrypt version claiming to offer the same functionality. I just like the slickness with which it perfectly integrates into my automount scripts. Contrary to this, I HAVE to use the official TC for my non-System windows drives and the way it messes up my mtab with those weird fuse mounts is just bad and not pretty at all.

    Finally, Jan’s program came in very handy when I was struggling to understand the TC Volume Specification, in order to make a low-level backup of all my MBRs, partition tables and crypto headers. Btw, I recommend doing that to everyone, in DMCrypt+Luks the single availability of the header is the single point of failure and TC only has the backup burned to the Rescue CD (apparently, there is no backup volume header on the driver for system encrypted drives).

  20. Mary vs John Jr says:

    I’m too on Gentoo, and after compiling and then installing the XTS kernel module (plus a reboot to use new kernel code) this works perfectly. I’m wondering if I can mount normal TC partitions this way instead of doing “truecrypt /dev/xxx /mnt/test”?

    also, for a related problem – when I boot into my windows side, how do I r/rw my TC partition linux formatted in ext2fs? I used ext2ifs before but now that the partition is encrypted and in ext3, neither truecrypt(windows) nor ext2ifs can deal with it.

  21. Jan says:

    Mary, or, John,

    first off, you do know that the name you filled in there is a bit confusing, right? ;)

    Anyway. tc-dmsetup currently doesn’t support “normal” TC partitions. I wrote it when TC for Linux did not support mounting Windows encrypted system drives *at all*. Now that it does, perhaps I should extend tc-dmsetup to handle the normal case too. Patches welcome, of course.

    As for accessing TC-encrypted ext2/3 partitions from Windows, I have no idea. On my computer I have avoided doing that because I didn’t want to ask myself that question. In theory it should work a bit like this: TC handles the decryption stuff and designates a drive letter to use and for accessing the filesystem the ext2 driver automatically kicks in. One thing that may or may not help is trying a different ext2 driver, e.g. Ext2fsd.

    Good luck!

  22. Carb Bar says:

    I’ve just tested ext2fsd against truecrypt under windows, not work. like ext2ifs, it would only mount disk partitions but not logical drives. at the moment..
    thanks for dmsetup-tc just what I needed!

  23. J. C. Denton says:

    main.c line 207:

    res->size = 128;

    should be

    res->size = 64;

    Am I right ? (Has no effect though, since “size” is never used again here as far as I can see … )

  24. biso says:

    i m a new user to truecrypt.is it possible to excess the the encrypt data when truecrypte has been uninstalled from the system.(whether the data will be lost).
    though we are using true crypt if someone delete the space we create by truecrypt , how can we prevent from this things.

  25. Scott Smith says:

    I am SO grateful for your work on this! What a wonderful contribution to the Linux toolbox.

  26. oli says:

    hi, first of all: thanks for your tool.

    unfortunatly its not working:
    [root@lucy dmsetup-tc-0.2]# ./dmsetup-tc /dev/sda /dev/sda1
    Enter passphrase for encrypted volume:
    Your volume header is corrupted. I suspect faulty RAM. Have it checked
    (and possibly fixed) and restore the header from your rescue CD.

    i already did that and its working fine when i start the tc loader. also did a memtest86 – everything ok. btw. would be nice (eg. for exactly that case) to load the stuff from the rescue cd instead of /dev/sd(x) – it would be possible than to rescue data from a system without touching anything :)

  27. oli says:

    Back again. I wrote a little entry in my blog. Would be nice if you could check this out. Thanks alot for your tool, its working like a charm!

    • Jan says:

      Thanks for looking into this, oli. I’ve just uploaded a new version of dmsetup-tc that should hopefully fix the checksum validation. See if it works better for you.

      • oli says:

        Hi Jan,

        can you change the method boswap from int to unsigned int? Then it works nice on x86_64. I noticed my results in my blog. Check it out if you like :)

        Your tool should be included in truecrypt. This is really a damn nice thing! Maybe i will write a GUI when i have some free time if its not included in TC.

  28. B.Ok says:

    Hi guys,

    Great tool followed by a nice debug chit-chat, a bit too technical for me i must confess.

    Your article (s)/tool however is a sublime finding for me as it helped me understand why i repeatedly fail to mount a windows-made-truecrypt-drive (full drive encryption, non system drive).

    Im eager to try it out in an attempt to mount the encrypted volume which has boot sector problem that i want to fix (i accidentally formatted the Drive under windows. It was not mounted when the blunder took place).

    First, under windows, i fixed a header mismatch issue using TrueCrypt.
    Afterwords, i could mount the device but couldn’t not accessed it because Windows don’t recognize the file system.
    I used Testdisk to no avail trying to recover from the Boot Sector Backup.

    I tried various Drive/Partition recovery tools but only WinHex could detect the mounted Volume (so it could help fixing the matter hopefully_im waiting for a reply from the developer of that application as to the chances of recovery…).
    Meanwhile i keep on searching for alternative solutions like booting from a LiveCd, then use Truecrypt to load the Volume, ….

    Enters your Tool.

    Shall keep you posted on this one.

    Thanks Guys.

    B.Ok

  29. Jitesh Gajjar says:

    Hi,
    I have tried this but get the following error message

    sudo ./dmsetup-tc /dev/sdb /dev/sdb1 |dmsetup create win1

    /dev/mapper/control: open failed: Permission denied
    Failure to communicate with kernel device-mapper driver.
    Command failed

    Any help appreciated.

  30. LukasT says:

    Worked on Fedora 16 nicely!

  31. hede says:

    For me, there’s a missing feature: Loading the TC-header from file instead of hard disk sector 63.
    (The thing is, I’m using a raw disk partition inside an VirtualBox VM and this VM has no access rights to HDD sector 63, but I can mirror the 512 bytes inside the VM as a file)

    So here’s my patch (what’s the line limit for comments???)

    Additional Usage: The second parameter can either be a Block Special (i.e. /dev/sda), then it works like before. If it’s a regular file, then it will be interpreted directly as the 512 Byte TC-header.

    DISCLAIMER: I do not know if some things may break, especially because I changed /sys/block/[disk]/[partition] to /sys/class/block/[partition]. For me it works…

    Inline patch removed by Jan because it was broken; the effective changes are now in the git repository

    • hede says:

      Sorry, my fault… it’s the FIRST parameter, not the second, which can be a file containing the TC header!

      (Ach und Tschuldigung Jan, ich seh grad erst, dass auch Kontaktdaten per Mail zur Verfügung stehen. Hätte ja meinen Patch zur Ansicht auch per Mail schicken können.)

    • hede says:

      The patch with my previous comment is broken. Something has gone wrong… either with my browser, the code-tag here in WordPress or something else …

      I think it’s useless here. I’ll send it via email.

    • Jan says:

      Thanks a bunch! I’ve released 0.5 which contains this feature.

  32. hede says:

    If you want to use dmsetup-tc from a script and your devices got somehow shuffled (varying BIOS/Kernel device detection order), then use the links in /dev/disk/.

    Like for example here:

    dmsetup-tc /boot/TC-header1.img `readlink -f /dev/disk/by-id/ata-VBOX_HARDDISK_VB8f3ab509-81fbebf3-part3`

    (don’t wonder, here i’m using a file as source for the TC Header. That’s not possible with the actual 0.4 release but I’ve sent Jan a patch)

  33. jchadwick says:

    The order your linker arguments are in seems to upset GOLD.


    diff --git a/Makefile b/Makefile
    index 2709bed..516a1fb 100644
    --- a/Makefile
    +++ b/Makefile
    @@ -11,7 +11,7 @@ clean:
    rm -f *.o $(BIN)

    $(BIN): main.o crc32.o xts.o pkcs5.o
    - $(CC) $(LDFLAGS) -o $@ $^
    + $(CC) -o $@ $^ $(LDFLAGS)

    %.o: %.c
    $(CC) $(CFLAGS) -c $<

  34. Geoff says:

    Jan,

    Just looking into this now. I am currently running Ubuntu 12.04. I am getting errors running “make” and can’t seem to find dmsetup-tc anywhere.

    here is the output of make

    geoff@UbuntuGeoff:~/Downloads/dmsetup-tc-0.5$ make
    tools/get-version
    gcc -O3 -c main.c
    gcc -O3 -c crc32.c
    gcc -O3 -c xts.c
    gcc -O3 -c pkcs5.c
    gcc -lgcrypt -o dmsetup-tc main.o crc32.o xts.o pkcs5.o
    main.o: In function `crypt_init’:
    main.c:(.text+0x43b): undefined reference to `gcry_check_version’
    main.c:(.text+0x44f): undefined reference to `gcry_control’
    xts.o: In function `aes_xts_decrypt’:
    xts.c:(.text+0×62): undefined reference to `gcry_cipher_open’
    xts.c:(.text+0×88): undefined reference to `gcry_cipher_setkey’
    xts.c:(.text+0x9e): undefined reference to `gcry_err_code_to_errno’
    xts.c:(.text+0xad): undefined reference to `gcry_strerror’
    xts.c:(.text+0xba): undefined reference to `gcry_strsource’
    xts.c:(.text+0xcf): undefined reference to `gcry_cipher_close’
    xts.c:(.text+0×118): undefined reference to `gcry_cipher_encrypt’
    xts.c:(.text+0x13b): undefined reference to `gcry_cipher_setkey’
    xts.c:(.text+0x1da): undefined reference to `gcry_cipher_decrypt’
    xts.c:(.text+0x28b): undefined reference to `gcry_cipher_decrypt’
    xts.c:(.text+0x2aa): undefined reference to `gcry_cipher_close’
    xts.c:(.text+0x2c3): undefined reference to `gcry_err_code_to_errno’
    xts.c:(.text+0x2d2): undefined reference to `gcry_strerror’
    xts.c:(.text+0x2df): undefined reference to `gcry_strsource’
    pkcs5.o: In function `gcry_pbkdf2′:
    pkcs5.c:(.text+0×50): undefined reference to `gcry_md_get_algo_dlen’
    pkcs5.c:(.text+0xe6): undefined reference to `gcry_md_open’
    pkcs5.c:(.text+0xf9): undefined reference to `gcry_malloc’
    pkcs5.c:(.text+0×180): undefined reference to `gcry_md_reset’
    pkcs5.c:(.text+0x19f): undefined reference to `gcry_md_setkey’
    pkcs5.c:(.text+0x1c4): undefined reference to `gcry_md_write’
    pkcs5.c:(.text+0x1d8): undefined reference to `gcry_md_read’
    pkcs5.c:(.text+0×248): undefined reference to `gcry_free’
    pkcs5.c:(.text+0x25c): undefined reference to `gcry_md_close’
    pkcs5.c:(.text+0x28b): undefined reference to `gcry_md_write’
    pkcs5.c:(.text+0x2cb): undefined reference to `gcry_md_write’
    collect2: ld returned 1 exit status
    make: *** [dmsetup-tc] Error 1

    I ran it again with CFLAGS = -O3 -DDEBUG and got

    geoff@UbuntuGeoff:~/Downloads/dmsetup-tc-0.5$ make
    tools/get-version
    gcc -O3 -DDEBUG -c main.c
    gcc -lgcrypt -o dmsetup-tc main.o crc32.o xts.o pkcs5.o
    main.o: In function `crypt_init’:
    main.c:(.text+0x48b): undefined reference to `gcry_check_version’
    main.c:(.text+0x49f): undefined reference to `gcry_control’
    xts.o: In function `aes_xts_decrypt’:
    xts.c:(.text+0×62): undefined reference to `gcry_cipher_open’
    xts.c:(.text+0×88): undefined reference to `gcry_cipher_setkey’
    xts.c:(.text+0x9e): undefined reference to `gcry_err_code_to_errno’
    xts.c:(.text+0xad): undefined reference to `gcry_strerror’
    xts.c:(.text+0xba): undefined reference to `gcry_strsource’
    xts.c:(.text+0xcf): undefined reference to `gcry_cipher_close’
    xts.c:(.text+0×118): undefined reference to `gcry_cipher_encrypt’
    xts.c:(.text+0x13b): undefined reference to `gcry_cipher_setkey’
    xts.c:(.text+0x1da): undefined reference to `gcry_cipher_decrypt’
    xts.c:(.text+0x28b): undefined reference to `gcry_cipher_decrypt’
    xts.c:(.text+0x2aa): undefined reference to `gcry_cipher_close’
    xts.c:(.text+0x2c3): undefined reference to `gcry_err_code_to_errno’
    xts.c:(.text+0x2d2): undefined reference to `gcry_strerror’
    xts.c:(.text+0x2df): undefined reference to `gcry_strsource’
    pkcs5.o: In function `gcry_pbkdf2′:
    pkcs5.c:(.text+0×50): undefined reference to `gcry_md_get_algo_dlen’
    pkcs5.c:(.text+0xe6): undefined reference to `gcry_md_open’
    pkcs5.c:(.text+0xf9): undefined reference to `gcry_malloc’
    pkcs5.c:(.text+0×180): undefined reference to `gcry_md_reset’
    pkcs5.c:(.text+0x19f): undefined reference to `gcry_md_setkey’
    pkcs5.c:(.text+0x1c4): undefined reference to `gcry_md_write’
    pkcs5.c:(.text+0x1d8): undefined reference to `gcry_md_read’
    pkcs5.c:(.text+0×248): undefined reference to `gcry_free’
    pkcs5.c:(.text+0x25c): undefined reference to `gcry_md_close’
    pkcs5.c:(.text+0x28b): undefined reference to `gcry_md_write’
    pkcs5.c:(.text+0x2cb): undefined reference to `gcry_md_write’
    collect2: ld returned 1 exit status
    make: *** [dmsetup-tc] Error 1

    ideas? it may be that there is support for this now, considering how long ago this was posted.

    please let me know what you think is going on.

    • Jan says:

      Hi Geoff,

      sorry for the trouble. Compilers have gotten pickier about the order of arguments in one step of the Makefile, apparently. I’ve pushed out a new version and updated the download link above.

      -Jan

      • Geoff says:

        Thanks Jan,

        ‘make’ works fine now.

        • Geoff says:

          Jan,

          one note on all of the below posts:

          I have now checked around my system to find that my kernel does not have dm-mod built in, nor do I know where to get it.

          I have been looking all over forums, and have yet to find anything that tells me where I can get that kernel module.

          Being that as it may, it may be keeping me from utulizing dmsetup-tc b/c dmsetup isn’t using dm-mod, or something like that.

          I tried this on an encrpyted system (one using LUKS) and an open system, and i get the same result:

          Failure to communicate with kernel device-mapper driver

          or
          device-mapper: create ioctl failed: Device or resource busy
          Command failed

          sorry for all the trouble!

  35. Geoff says:

    Hey Jan,

    I am running into the same problem J.C. had above with my device mapper being used to decrypt my Ubunut distro.

    I have kernel 3.2.0-65 so I assume the kernel has XTS support, but it is probably not enabled. Any ideas on how to enable this?

    or, any other ideas on why I am getting the “Failure to communicate with kernel device-mapper driver.”?

  36. Geoff says:

    As per comments above, i ran “modprobe dm-mod”

    However I am still getting this output:

    geoff@UbuntuGeoff:/usr/bin/dmsetup-tc-0.6$ sudo ./dmsetup-tc /dev/sdb /dev/sdb1 | sudo dmsetup create win1
    Enter passphrase for encrypted volume:
    Could not decrypt the volume. You probably entered a wrong password.
    device-mapper: create ioctl failed: Device or resource busy
    Command failed

    I have entered the password by typing and copying, and get the same result, yet I put it into TrueCrypt, and it is decrypts fine, so its the correct password.

  37. Xavier says:

    How is this any different from the project mentioned below. Fedora recommends it https://fedoraproject.org/wiki/Forbidden_items?rd=ForbiddenItems#TrueCrypt .

    https://github.com/bwalex/tc-play

    are you guys working together?/is your work is being duplicated?if so do you plan to merge?

    • Jan says:

      Thanks Xavier, I didn’t know about tc-play… and apparently its author didn’t know about my dmsetup-tc, either. It looks like it’s quite a bit newer than my project, and definitely more feature-complete. There is probably no real point in continuing dmsetup-tc now.

      If you find that tc-play doesn’t support some of dmsetup-tc’s features (which would surprise me), let me know and I’ll figure things out with the author of tc-play.

      PS. sorry for the late reply; your comment ended up in the moderation queue and somehow the notification mail didn’t reach me.

  38. Paul says:

    I’ve got a similar problem to Geoff: I can’t get anywhere with dmsetup-tc. It just refuses to take the correct password and keeps asking. I don’t get the device-mapper error. My volume is AES-Twofish crypted – does dmsetup-tc support chained ciphers?

  39. mhogomchungu says:

    hi,just came across this website.

    I have a project called zuluCrypt that will give a GUI solution for managing truecrypt volumes in linux.

    The url to the project’s homepage is: http://code.google.com/p/zulucrypt/

Leave a reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Please note that comments that look like link spam (contain a link to a commercial website unrelated to the topic at hand) will be removed. If you are a person getting paid to spam websites... don't bother. It takes me less time to remove your post than it would take you to write it.

Bear