Storage decryption suddenly not accepting key

[metakermit]

After a few weeks of using the encrypted LUKS storage partition normally, it suddenly stopped accepting my USB key.

root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart# ./open_partition.sh
labels: cf-key, cf-swap, cf-str
key: /dev/disk/by-label/cf-key, /mnt/storage-key
storage: /dev/disk/by-uuid/dca88d5a-978f-4b09-8848-1ae9d6ad66d, /dev/disk/by-uuid/dca88d5a-978f-4b09-8848-1ae9d6ad66d9, /dev/mapper/cf-str, /mnt/storage
swap: /dev/disk/by-id/usb-Intenso_Micro_Line_15041600001837-0:0-part1, /dev/mapper/cf-swap
[....] Starting crypto disk...[info] cf-str (starting)...
No key available with this passphrase.
No key available with this passphrase.
No key available with this passphrase.
[FAILr (failed)...failed.
[ ok ] Starting crypto disk...cf-swap (running)...done.
swapon: /dev/mapper/cf-swap: swapon failed: Device or resource busy
mount: special device /dev/mapper/cf-str does not exist
mount: special device /dev/mapper/cf-str does not exist
mount: special device /dev/mapper/cf-str does not exist

The key is still present on the encryption key USB.

root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart# lsblk
NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                  8:0    1  29.7G  0 disk
└─sda1               8:1    1  29.7G  0 part  /mnt/storage-key
sdb                  8:16   1  29.7G  0 disk
├─sdb1               8:17   1     2G  0 part
│ └─cf-swap (dm-0) 253:0    0     2G  0 crypt [SWAP]
└─sdb2               8:18   1  27.7G  0 part
mmcblk0            179:0    0   7.4G  0 disk
└─mmcblk0p1        179:1    0   7.4G  0 part  /
root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart# ls /mnt/storage-key/
total 20
-r-------- 1 root root  4096 Jan  1  1970 key
drwx------ 2 root root 16384 Dec 16 21:44 lost+found
root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart#

[metakermit]

Some hints here. fsck reports some errors for /dev/sdb2 which contains my encrypted storage partition:

root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart# fsck -n /dev/sdb2
fsck from util-linux 2.20.1
fsck: fsck.crypto_LUKS: not found
fsck: error 2 while executing fsck.crypto_LUKS for /dev/sdb2
root@kermit-blimp:/opt/cloudfleet/engineroom/bin/cryptpart# echo $?
8

The manpage says "8 - Operational error".

[metakermit]

Seems the fsck error could be due to the partition being encrypted based on the suggestions to first open it here. Could perhaps be related to the old Cubox kernel issue. The modinfo output is pointing to the patched module version in extra/, so it should work, though:

root@kermit-blimp:~# modinfo aes-arm-bs
filename:       /lib/modules/3.14.14-cubox/extra/aes-arm-bs.ko
license:        GPL
author:         Ard Biesheuvel <[email protected]>
description:    Bit sliced AES in CBC/CTR/XTS modes using NEON
srcversion:     6F56BC7E3D010A48518845C
depends:
vermagic:       3.14.14-cubox-i SMP mod_unload modversions ARMv7 p2v8

[metakermit]

Don't know... This example here works, even though it shouldn't if there was an error with the module, so it looks like the issue is in one of the USBs. Maybe a bad sector or something.