libyal / libfvde

Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes
GNU Lesser General Public License v3.0

Error in fvdeinfo and fvdemount #24

Closed mbernaschi closed 2 years ago

mbernaschi commented 7 years ago

Hello, I am trying to use the fvdetools but I consistently get the same error and I wonder if there is something wrong with my build (or if I am using. I am using the 20160918 build. I built the image of a USB drive (8 GB). The output of mmls is the following:

    GUID Partition Table (EFI)
    Offset Sector: 0
    Units are in 512-byte sectors

          Slot      Start        End          Length       Description
    000:  Meta      0000000000   0000000000   0000000001   Safety Table
    001:  -------   0000000000   0000000039   0000000040   Unallocated
    002:  Meta      0000000001   0000000001   0000000001   GPT Header
    003:  Meta      0000000002   0000000033   0000000032   Partition Table
    004:  000       0000000040   0000409639   0000409600   EFI System Partition
    005:  001       0000409640   0014876631   0014466992   HFSTest
    006:  002       0014876632   0015138775   0000262144   Booter
    007:  -------   0015138776   0015138815   0000000040   Unallocated

Then I tried both fvdemount and fvdeinfo with the following syntax:

    fvdeinfo -p XXXX /data01/scratch/testfv2.dd

and

    fvdemount -X allow_root -p XXXX /data01/scratch/testfv2.dd /tmp/abcd

but, in both cases, I got the following error:

    Unable to open: /data01/scratch/testfv2.dd.
    libfvde_io_handle_read_volume_header: unsupported core storage signature.
    libfvde_volume_open_read: unable to read volume header.
    libfvde_volume_open_file_io_handle: unable to read from file IO handle.
    mount_handle_open_input: unable to open input volume.

I have exactly the same problem with the image of a full disk having the following structure (from mmls):

    GUID Partition Table (EFI)
    Offset Sector: 0
    Units are in 512-byte sectors

          Slot      Start        End          Length       Description
    000:  Meta      0000000000   0000000000   0000000001   Safety Table
    001:  -------   0000000000   0000000039   0000000040   Unallocated
    002:  Meta      0000000001   0000000001   0000000001   GPT Header
    003:  Meta      0000000002   0000000033   0000000032   Partition Table
    004:  000       0000000040   0000409639   0000409600   EFI System Partition
    005:  001       0000409640   0488965175   0488555536   Customer
    006:  002       0488965176   0490234711   0001269536   Recovery HD
    007:  -------   0490234712   0490234751   0000000040   Unallocated

I built the image of the USB drive because it is "reasonably" small (slightly less than 8 GB) so, maybe, Joachim can take a look at it (I can make it available for download). Any help by Joachim or by other expert users is very welcome!

Massimo

joachimmetz commented 7 years ago
libfvde_io_handle_read_volume_header: unsupported core storage signature.

This is telling you it cannot find the FVDE format; try adding the byte offset of the volume with -o. Also see: https://github.com/libyal/libfvde/wiki/Mounting

mbernaschi commented 7 years ago

Thanks Joachim, for the prompt reply and sorry for overlooking the documentation. By adding the offset (multiplied by the sector size) I got a more meaningful Unable to unlock keys error. However this means that fvdemount still fails. I am confident of the password (I created the encrypted volume on the USB key a few days ago). I just wonder if I am still doing something wrong. This is the command I am using now:

    fvdemount -X allow_root -v -p XXXX -o $((512*409640)) /data01/scratch/testfv2.dd /tmp/abcd

and the error is

    Unable to unlock keys

On this volume there is no Recovery partition so I can not use the other syntax (with the EncryptedRoot.plist.wipekey file and the recovery help). Thanks again for your kind collaboration,

Massimo
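Added example, not part of the thread and not libfvde code: a short Python sketch of the offset step discussed above, deriving the `-o` byte offsets from the mmls table posted in the issue and showing why reading at offset 0 of a full-disk image fails the signature check. The function names are hypothetical, the "CS" signature at byte 88 of the volume header is an assumption taken from the Core Storage format as documented for libfvde, and the small image in the demo is constructed.

```python
import io
import re

# mmls output for the USB image, as posted in the issue above.
MMLS_OUTPUT = """\
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Safety Table
001:  -------   0000000000   0000000039   0000000040   Unallocated
002:  Meta      0000000001   0000000001   0000000001   GPT Header
003:  Meta      0000000002   0000000033   0000000032   Partition Table
004:  000       0000000040   0000409639   0000409600   EFI System Partition
005:  001       0000409640   0014876631   0014466992   HFSTest
006:  002       0014876632   0015138775   0000262144   Booter
007:  -------   0015138776   0015138815   0000000040   Unallocated
"""

CS_SIGNATURE_OFFSET = 88  # assumption: "CS" sits at byte 88 of the volume header


def partition_offsets(mmls_text):
    """Return {description: byte offset} for the allocated partitions."""
    unit = int(re.search(r"Units are in (\d+)-byte sectors", mmls_text).group(1))
    row = re.compile(r"^\d+:\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$", re.M)
    return {m.group(5): int(m.group(2)) * unit
            for m in row.finditer(mmls_text)
            if m.group(1).isdigit()}  # skip Meta and unallocated ("-------") rows


def has_core_storage_signature(image, offset):
    """True if the 2 bytes at offset+88 of a seekable binary stream are b'CS'."""
    image.seek(offset + CS_SIGNATURE_OFFSET)
    return image.read(2) == b"CS"


if __name__ == "__main__":
    for name, offset in partition_offsets(MMLS_OUTPUT).items():
        print(f"{name}: -o {offset}")
    # Constructed image: 4 sectors, with the "volume" starting at sector 2.
    fake = bytearray(4 * 512)
    fake[2 * 512 + 88:2 * 512 + 90] = b"CS"
    img = io.BytesIO(bytes(fake))
    print(has_core_storage_signature(img, 0), has_core_storage_signature(img, 1024))
```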

joachimmetz commented 7 years ago

The project is experimental; could you check with verbose/debug output if this is an issue with format support? Also see: https://github.com/libyal/libfvde/wiki/Troubleshooting#verbose-and-debug-output

joachimmetz commented 2 years ago

No update from original reporter, closing issue