Wipe start of device before LUKS-formatting.

Cryptsetup keeps some sectors (between the physical LUKS header
and keyslot data) on disk untouched, unfortunatelly ext2/3/4 signature can
be there and blkid detects filesystem here instead of LUKS.

This patch wipes the first eight sectors on disk with zero during luksFormat.
This should be probably solved by physical header padding in next version.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@38 36d66b0a-2a48-0410-832c-cd162a569da5

diff --git a/lib/setup.c b/lib/setup.c
index 1b13af6..7f3ef65 100644 (file)
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -198,6 +198,34 @@ out:
        return ret;
 }
 
+static int wipe_device_header(const char *device, int sectors)
+{
+       char *buffer;
+       int size = sectors * SECTOR_SIZE;
+       int r = -1;
+       int devfd;
+
+       devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
+       if(devfd == -1) {
+               set_error("Can't wipe header on device %s", device);
+               return -EINVAL;
+       }
+
+       buffer = malloc(size);
+       if (!buffer) {
+               close(devfd);
+               return -ENOMEM;
+       }
+       memset(buffer, 0, size);
+
+       r = write_blockwise(devfd, buffer, size) < size ? -EIO : 0;
+
+       free(buffer);
+       close(devfd);
+
+       return r;
+}
+
 static int parse_into_name_and_mode(const char *nameAndMode, char *name,
                                    char *mode)
 {
@@ -459,6 +487,10 @@ static int __crypt_luks_format(int arg, struct setup_backend *backend, struct cr
                r = -EINVAL; goto out;
        }
 
+       /* Wipe first 8 sectors - fs magic numbers etc. */
+       r = wipe_device_header(options->device, 8);
+       if(r < 0) goto out;
+
        /* Set key, also writes phdr */
        r = LUKS_set_key(options->device, keyIndex, password, passwordLen, &header, mk, backend);
        if(r < 0) goto out;