Make crypt_load quiet if metadata is not detected.

Ths will allow automatic scan of known formats.

Errors are printed only if something is wrong with already detected metadata.

This change means that it is responsibility of the caller to print an error
message if needed.

Also fix some places without a message.

Fixes: #642

lib/bitlk/bitlk.c

@@ -430,8 +430,8 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 	/* read and check the signature */
 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 		device_alignment(device), &sig, sizeof(sig), 0) != sizeof(sig)) {
-		log_err(cd, _("Failed to read BITLK signature from %s."), device_path(device));
-		r = -EINVAL;
+		log_dbg(cd, "Failed to read BITLK signature from %s.", device_path(device));
+		r = -EIO;
 		goto out;
 	}
 
@@ -442,7 +442,7 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 		params->togo = true;
 		fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO;
 	} else {
-		log_err(cd, _("Invalid or unknown signature for BITLK device."));
+		log_dbg(cd, "Invalid or unknown signature for BITLK device.");
 		r = -EINVAL;
 		goto out;
 	}

lib/integrity/integrity.c

@@ -51,7 +51,7 @@ static int INTEGRITY_read_superblock(struct crypt_device *cd,
 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 	    device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) ||
 	    memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic))) {
-		log_err(cd, _("No kernel dm-integrity metadata detected on %s."), device_path(device));
+		log_dbg(cd, "No kernel dm-integrity metadata detected on %s.", device_path(device));
 		r = -EINVAL;
 	} else if (sb->version < SB_VERSION_1 || sb->version > SB_VERSION_5) {
 		log_err(cd, _("Incompatible kernel dm-integrity metadata (version %u) detected on %s."),

lib/libcryptsetup.h

@@ -767,7 +767,8 @@ int crypt_volume_key_keyring(struct crypt_device *cd, int enable);
  * @post In case LUKS header is read successfully but payload device is too small
  * error is returned and device type in context is set to @e NULL
  *
- * @note Note that in current version load works only for LUKS and VERITY device type.
+ * @note Note that load works only for device types with on-disk metadata.
+ * @note Function does not print visible error message if metadata is not present.
  *
  */
 int crypt_load(struct crypt_device *cd,

lib/setup.c

@@ -752,7 +752,7 @@ static void _luks2_reload(struct crypt_device *cd)
 }
 
 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
-			    int require_header, int repair)
+			    bool quiet, bool repair)
 {
 	char *cipher_spec;
 	struct luks_phdr hdr = {};
@@ -784,7 +784,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
 				return r;
 		}
 
-		r = LUKS_read_phdr(&hdr, require_header, repair, cd);
+		r = LUKS_read_phdr(&hdr, !quiet, repair, cd);
 		if (r)
 			goto out;
 
@@ -829,6 +829,8 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
 		r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
 		if (!r)
 			device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr));
+		else if (!quiet)
+			log_err(cd, _("Device %s is not a valid LUKS device."), mdata_device_path(cd));
 	} else {
 		if (version > 2)
 			log_err(cd, _("Unsupported LUKS version %d."), version);
@@ -1024,7 +1026,7 @@ int crypt_load(struct crypt_device *cd,
 			return -EINVAL;
 		}
 
-		r = _crypt_load_luks(cd, requested_type, 1, 0);
+		r = _crypt_load_luks(cd, requested_type, true, false);
 	} else if (isVERITY(requested_type)) {
 		if (cd->type && !isVERITY(cd->type)) {
 			log_dbg(cd, "Context is already initialized to type %s", cd->type);
@@ -1268,7 +1270,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 		cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums;
 	} else if (isLUKS1(cd->type) || isLUKS2(cd->type)) {
 		if (crypt_metadata_device(cd)) {
-			r = _crypt_load_luks(cd, cd->type, 0, 0);
+			r = _crypt_load_luks(cd, cd->type, true, false);
 			if (r < 0) {
 				log_dbg(cd, "LUKS device header does not match active device.");
 				crypt_set_null_type(cd);
@@ -2377,7 +2379,7 @@ int crypt_repair(struct crypt_device *cd,
 		return -EINVAL;
 
 	/* Load with repair */
-	r = _crypt_load_luks(cd, requested_type, 1, 1);
+	r = _crypt_load_luks(cd, requested_type, false, true);
 	if (r < 0)
 		return r;
 
@@ -3066,7 +3068,7 @@ int crypt_header_backup(struct crypt_device *cd,
 		return -EINVAL;
 
 	/* Load with repair */
-	r = _crypt_load_luks(cd, requested_type, 1, 0);
+	r = _crypt_load_luks(cd, requested_type, false, false);
 	if (r < 0)
 		return r;
 
@@ -3132,7 +3134,7 @@ int crypt_header_restore(struct crypt_device *cd,
 		r = -EINVAL;
 
 	if (!r)
-		r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, 1, 1);
+		r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, false, true);
 
 	return r;
 }

lib/verity/verity.c

@@ -87,8 +87,7 @@ int VERITY_read_sb(struct crypt_device *cd,
 		return -EIO;
 
 	if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) {
-		log_err(cd, _("Device %s is not a valid VERITY device."),
-			device_path(device));
+		log_dbg(cd, "No VERITY signature detected.");
 		return -EINVAL;
 	}
 

src/cryptsetup.c

@@ -628,8 +628,10 @@ static int action_bitlkDump(void)
 		goto out;
 
 	r = crypt_load(cd, CRYPT_BITLK, NULL);
-	if (r < 0)
+	if (r < 0) {
+		log_err(_("Device %s is not a valid BITLK device."), action_argv[0]);
 		goto out;
+	}
 
 	if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID))
 		r = bitlkDump_with_volume_key(cd);

src/integritysetup.c

@@ -360,8 +360,10 @@ static int action_open(void)
 		goto out;
 
 	r = crypt_load(cd, CRYPT_INTEGRITY, &params);
-	if (r)
+	if (r) {
+		log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]);
 		goto out;
+	}
 
 	if (ARG_SET(OPT_INTEGRITY_LEGACY_RECALC_ID))
 		crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC);
@@ -515,6 +517,8 @@ static int action_dump(void)
 	r = crypt_load(cd, CRYPT_INTEGRITY, &params);
 	if (!r)
 		crypt_dump(cd);
+	else
+		log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]);
 
 	crypt_free(cd);
 	return r;

src/veritysetup.c

@@ -192,6 +192,9 @@ static int _activate(const char *dm_device,
 		params.fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
 		params.fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);
 		r = crypt_load(cd, CRYPT_VERITY, &params);
+		if (r)
+			log_err(_("Device %s is not a valid VERITY device."), hash_device);
+
 	} else {
 		r = _prepare_format(&params, data_device, flags | CRYPT_VERITY_NO_HEADER);
 		if (r < 0)
@@ -465,6 +468,9 @@ static int action_dump(void)
 	r = crypt_load(cd, CRYPT_VERITY, &params);
 	if (!r)
 		crypt_dump(cd);
+	else
+		log_err(_("Device %s is not a valid VERITY device."), action_argv[0]);
+
 	crypt_free(cd);
 	return r;
 }

tokens/ssh/cryptsetup-ssh.c

@@ -73,8 +73,10 @@ static int token_add(
 		return r;
 
 	r = crypt_load(cd, CRYPT_LUKS2, NULL);
-	if (r)
+	if (r) {
+		l_err(cd, _("Device %s is not a valid LUKS device."), device);
 		goto out;
+	}
 
 	r = -EINVAL;
 	jobj = json_object_new_object();