Running sudo file -s /dev/sdc
returns:
/dev/sdc: x86 boot sector
Making it very probable that the LUKS header, which was raw on disk, was overwritten by a bootloader. The default for Ubuntu without LVM seems to be to install a LUKS volume directly to the disk.
The system is actually dual-booting Windows 10 and Ubuntu (should have mentioned this, sorry!). To find out the culprit (hint: It's always Microsoft): we parse the strings in the first sector of the disk:
sudo dd bs=512 count=1 if=/dev/sdc 2>/dev/null | strings
Which shows for the backup disk with the lost LUKS header:
Invalid partition table
Error loading operating system
Missing operating system
The default boot drive has Grub 2 and for the same command returns:
GRUB
Geom
Hard Disk
Read
Error
The Windows 10 disk with the Windows 10 boatloader:
Invalid partition table
Error loading operating system
Missing operating system
Bingo! Now I know that I manually installed the Windows bootloader only to the Windows 10 disk, as I had accidentally overwritten it myself with a Grub bootloader and I know the LUKS volume was still there afterwards. However, I have run several automatic Windows 10 repair utilities, as my Windows 10 install keeps freezing/crashing. So it could be possible that one of them decided to appropriate the backup disk for an extra bootloader.
Best Answer
The error code 4 returned by udisks2 (which is used by gnome-disks-utilities internally) is the constant
UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN
in code.This code is returned, if the current subject (the gnome-disks applications, actually) is not allowed to do the unlock operation, however it might be allowed if further authentication would be provided, typically by providing the system administrator's (root) password.
Such additional password query is typically handled by a so-called authentication agent. It seems that this agent is not setup correctly in your environment.
I had the same problem using gnome-disks within an i3wm-session (in archlinux -- however this should be similar under Ubuntu): After having installed the (legacy) "polkit-gnome" authentication agent (and starting it in a session startup script), I got first the passphrase dialog for specifying the LUKS passphrase of the device and then a second dialog asking for the root password.
The command line hack you mention can alternatively also be done using
udisksctl
in an cleaner way:Note that the
udisksctl unlock
will ask for the (same) two passwords as gnome-disks would do when the authentication agent is setup correctly. No need to usesudo
here.For further information, dig into udisks2 and polkit documentation or look into udisks2 source code directly. This is how I understood and finally solved the problem for me.