kingfame_147 Apprentice
Joined: 11 Oct 2008 Posts: 171
|
Posted: Sun Mar 21, 2010 2:50 pm Post subject: |
|
|
I've done some debugging on it.
The kernel panic happens when the initram exits and the kernel is on the run.
I don't get where the problem is :/
The script seems to work. It decrypts the swap and root partitions to /dev/mapper/swap and /dev/mapper/root. I can exit the script at the last command and mount those 2 partitions without a problem. So it shouldn't be a problem for the kernel to mount "/dev/mapper/root to /", like it is in the fstab.
Now I don't think it's the script that doesn't work, because the error occurs when exiting busybox. And like I said: the decrypt part works... :/
Edit:
I did some reading about initram stuff. I think I found the problem, I'll post later if it is really what I think :)
Edit2:
It was a stupid configuration mistake by me :/ The problem is that the variables at the beginning of the init file aren't that well documented, so it's easy to make mistakes. After finding out the right values for the cfg_* variables, the script works out of the box.
Just need to do some extra stuff for my raid etc.
When I have some time I'll start a section on the wiki for those variables and explain those which I understand. |
|
IronMania n00b
Joined: 09 Mar 2008 Posts: 2
|
Posted: Sun Oct 17, 2010 3:51 pm Post subject: Insert the removable device |
|
|
Hi,
I have a problem with my key file on the removable device (USB stick).
I come to the point where I think everything should work and I want to decrypt the HD. I am using DM-Crypt with a keyfile (no GPG).
When I come to the point
Code: | * Please insert removable device /dev/sdb1... |
The next line is from my Synaptics Touchpad with some info.
After that
Code: | input: SynPS/2 Synaptics TouchPad as /devices/platform/i8042/serio2/input/input1 |
then the code stops.
Did I compile something wrong in the kernel?
The USB stick is plugged in and it "should" work. I did everything according to the wiki page (besides the init script, that was a second website linked from that one).
*EDIT*
It works now in that it detects the USB stick (I missed compiling USB in the kernel), so that solved the problem with not detecting my USB device. BUT the device is still not detected. It tells me to insert a USB device, it is inserted and nothing happens at all. I tried changing my sda7 (root) to hda7, because it tells me when I connect the USB that it is now sda1. I don't know what to do.
Thanks for your help
Greetings
IronMania |
|
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sat Nov 06, 2010 3:30 pm Post subject: |
|
|
Greetings,
I didn't notice that there's a [Support] System Encryption DM-Crypt with LUKS thread, so I made a separate post about my problem with system encryption here. Could someone please check what I may have done wrong? |
|
Barabbas n00b
Joined: 30 Oct 2008 Posts: 6
|
Posted: Sun Oct 23, 2011 5:19 pm Post subject: |
|
|
kingfame_147 wrote: | I've done some debugging on it.
The kernel panic happens when the initram exits and the kernel is on the run.
I don't get where the problem is :/
The script seems to work. It decrypts the swap and root partitions to /dev/mapper/swap and /dev/mapper/root. I can exit the script at the last command and mount those 2 partitions without a problem. So it shouldn't be a problem for the kernel to mount "/dev/mapper/root to /", like it is in the fstab.
Now I don't think it's the script that doesn't work, because the error occurs when exiting busybox. And like I said: the decrypt part works... :/
When I have some time I'll start a section on the wiki for those variables and explain those which I understand. |
I am having the same problem: the volume decrypts fine (I think), but then when it gets to the switch_root it prints the command usage and dies.
I got my init script from github, it is a current version. My root file system is on the sda1 PV which is formatted as ext3, I am using a gpg encrypted key file and the extlinux bootloader from a USB flash memory card. This is my extlinux.conf:
Code: | DEFAULT menu.c32
TIMEOUT 100
PROMPT 0
LABEL Gentoo
MENU LABEL Gentoo Linux 3.0.4-hardened-r5
MENU DEFAULT
KERNEL bzImage
APPEND iroot=sda1 ikroot=gpg:sdc1:keys/GentooROOT.gpg \
vga=0x356 video=vesafb:ywrap,mtrr:3 \
initrd=initramfs-gentoo-crypt \
console =/dev/tty1
|
I also built initramfs by hand, all the binaries are linked statically, I am not using squashfs nor bootsplash themes.
This is when it dies:
Code: |
...
* Removable device mounted.
* ROOT LV...
*...encrypted rootfs.
gpg: can't open `/usr/share/gnupg/options.skel`: No such file or directory.
gpg: WARNING: message was not integrity protected
fsck (busybox 1.19.2, 2011-10-23 09:02:25 CEST)
grsec: unmount of /dev/sdc1 by /bin/busybox[umount:1464] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid 0/0
* SWITCHING root '/'...
/init: line 403: can't create /lib/splash/cache/.splash: nonexistent directory
grsec: unmount of proc by /bin/busybox...
grsec: unmount of sysfs by /bin/busybox...
grsec: unmount of tmpfs by /bin/busybox...
Busybox v1.19.2 (2011-10-23...) multi-call binary.
Usage: switch_root [-s /dev/console] NEW_ROOT NEW_INIT [ARGS]
Free initramfs and switch to another root fs:
chroo to NEW_ROOT, delete all in /,move NEW_ROOT to /,
execute NEW_ROOT. PID must be 1, NEW_ROOT must be a mountpoint.
-c DEV Reopen stdio to DEV after switch
switch_root used greatest stack depth:4416 bytes left
Kernel panic - not syncing: Attempted to kill init!
Pid: 1,comm: switch_root Not tainted 3.0.4-hardened-r5-1 #2
Call trace...
...
|
|
|
gw Apprentice
Joined: 03 Dec 2006 Posts: 215
|
Posted: Mon Oct 24, 2011 4:00 pm Post subject: |
|
|
Hi
thanks for this huge coding and write-up effort with "DM-Crypt with LUKS"!
I'm also trying to follow this guide in order to have a laptop with an encrypted root.
Things are even more complicated by the fact that I am trying to do this on a MacBook Pro dual boot machine (MacOSX and Gentoo Linux). Booting is done with the MacBook's UEFI system.
In reading these docs
some things remained unclear though; I would be glad if someone (tclover?) could help me out with that:
1) the scripts dealing with squashing the directories. -- I want to squash /usr/portage. But I don't see how the script or the service (sqfsdmount) automatically updates the underlying portage tree. But this should be done, shouldn't it, e.g. after an emerge --sync. I can't see how this is done.
2) the huge init script (new version: revision=0.3.6_p20111022). -- Can I use this script without modification even if I don't intend to use lvm and neither hibernation?
3) What I'm trying to do is (simply?) to have an initramdisk init script decrypt an encrypted partition by asking for a passphrase and then switching to the new root and its init.
The Gentoo initramfs doc has a very rudimentary init script, that nevertheless also enables dm-crypt setups.
Code: |
#!/bin/busybox sh
# Mount the /proc and /sys filesystems.
mount -t proc none /proc
mount -t sysfs none /sys
# Do your stuff here.
echo "This script mounts rootfs and boots it up, nothing more!"
# Mount the root filesystem.
mount -o ro /dev/sda1 /mnt/root
# Clean up.
umount /proc
umount /sys
# Boot the real thing.
exec switch_root /mnt/root /sbin/init
|
Now wouldn't something like
Code: | cryptsetup -T 5 luksOpen /dev/sda1 luks
mount -o ro /dev/mapper/luks /mnt/root
|
inserted in the above suffice to decrypt and mount the real root?
Please forgive me if this is an idiotic question, but as I'm already dealing with the complications of my dual boot setup, I'm trying to keep things as simple as possible (and I must admit that I fail to thoroughly understand what the original long init script really does!).
Thanks for your help!
gw |
|
tclover Guru
Joined: 10 Apr 2011 Posts: 516
|
Posted: Tue Oct 25, 2011 3:24 pm Post subject: |
|
|
gw wrote: | 1) the scripts dealing with squashing the directories. -- I want to squash /usr/portage. But I don't see how the script or the service (sqfsdmount) automatically updates the underlying portage tree. But this should be done, shouldn't it, e.g. after an emerge --sync. I can't see how this is done. |
You don't need to append an argument for a squashed directory like portage with the initramfs; there is no need for that for a directory which is not used when booting. You can pretty much add the script (`/etc/init.d/sqfsdmount') into the boot runlevel, it will do the job for that. And use sdr[|sqfsd-rebuild] to build your initial squashed directory(-ies) and rebuild/update them afterwards.
If you want to automate the updating/rebuilding, you can use the newest sdr script (which you can add to a cron job for directories other than bin/lib$ARCH (32|64)); it has an offset argument/parameter that lets the script rebuild the directory if the writable aufs branch has enough changes, or you can force it to do unconditional rebuild(s). That's a different story for bin:lib$ARCH... consult the KnownIssue for more info about possible issues for bin:lib$ARCH over there.
gw wrote: | 2) the huge init script (new version: revision=0.3.6_p20111022). -- Can I use this script without modification even if I don't intend to use lvm and neither hibernation? |
Already replied on the dedicated alternate topic. YES OF COURSE!
gw wrote: | 3) What I'm trying to do is (simply?) to have an initramdisk init script decrypt an encrypted partition by asking for a passphrase and then switching to the new root and its init. |
You can do just that with a plain passphrase, a plain key-file or an encrypted key-file (LUKS|GnuPG). Just choose what fits you or what you require.
To finish, of course you can use a very simple init script made by yourself to bring up userspace from an encrypted PV/LV, but that won't be flexible for changes/new requirements without some time to code. I guess the old Reikinio init script was a step forward to have more room/possibilities, and mine just took a few things forward. |
|
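An added example, not code from the thread or from the init script project discussed in it: a minimal init along the lines gw asks about, with a pre-flight check for the conditions named in the switch_root usage text Barabbas quotes (NEW_ROOT and NEW_INIT given, NEW_ROOT a mountpoint). The device, mapping name and mount point are assumptions taken from gw's snippet, and /dev nodes are assumed to exist in the initramfs already.

```sh
#!/bin/busybox sh
# Added example, not from the thread. Device, mapping name and mount point
# are assumptions taken from gw's snippet; /dev nodes must already exist.
LUKS_DEV=/dev/sda1
MAP_NAME=luks
NEW_ROOT=/mnt/root
NEW_INIT=/sbin/init

# True if $1 is a mount target in the mounts table $2 (default /proc/mounts).
is_mountpoint() {
    while read -r _dev target _rest; do
        [ "$target" = "$1" ] && return 0
    done < "${2:-/proc/mounts}"
    return 1
}

# Check what switch_root needs before calling it.
# Returns 2: argument missing, 3: not a mountpoint, 4: init not executable.
preflight() {
    [ -n "$1" ] && [ -n "$2" ] || { echo "NEW_ROOT or NEW_INIT is empty" >&2; return 2; }
    is_mountpoint "$1" "$3" || { echo "$1 is not a mountpoint" >&2; return 3; }
    # An absolute symlink cannot be resolved from the initramfs, so accept it.
    [ -x "$1$2" ] || [ -L "$1$2" ] || { echo "$1$2 is not executable" >&2; return 4; }
    return 0
}

# PID 1 must never exit (that is the "Attempted to kill init!" panic),
# so every failure ends in an interactive shell instead.
rescue() {
    echo "init: $*, starting rescue shell" >&2
    exec /bin/busybox sh
}

main() {
    mount -t proc none /proc || rescue "cannot mount /proc"
    mount -t sysfs none /sys || rescue "cannot mount /sys"
    cryptsetup -T 5 luksOpen "$LUKS_DEV" "$MAP_NAME" || rescue "luksOpen failed"
    mount -o ro "/dev/mapper/$MAP_NAME" "$NEW_ROOT" || rescue "cannot mount root"
    preflight "$NEW_ROOT" "$NEW_INIT" || rescue "switch_root would fail"
    umount /proc
    umount /sys
    exec switch_root "$NEW_ROOT" "$NEW_INIT"
}

# Act as init only in a fresh initramfs: PID 1 and /proc not yet mounted.
if [ "$$" -eq 1 ] && [ ! -e /proc/mounts ]; then
    main
fi
```

The third argument of `preflight` is an optional mounts table, which lets the check be exercised against a constructed file outside of a real boot.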
d-fens Tux's lil' helper
Joined: 09 Jan 2004 Posts: 93
|
Posted: Wed Jan 02, 2013 11:53 am Post subject: |
|
|
hi,
want to get my zfs on crypted luks (sda2 + sdb2 crypted and used decrypted in a mirrored pool) running, but the initramfs is the missing link now.
tried to generate one with mkinitramfs-ll-9999 but it bails out during emerge with:
Code: | install: cannont stat xcpio: no such file or directory |
and in /var/tmp/portage/sys-kernel/mkinitramfs-ll-9999/image//usr/share/mkinitramfs-ll/scripts there is no file, how can I fix that? |
|