Gentoo Forums
[Support] System Encryption DM-Crypt with LUKS
kingfame_147
Apprentice
Joined: 11 Oct 2008
Posts: 171

Posted: Sun Mar 21, 2010 2:50 pm

I've done some debugging on it.

The kernel panic happens when the initramfs exits and the kernel is running.

I don't get where the problem is :/

The script seems to work. It decrypts the swap and root partitions to /dev/mapper/swap and /dev/mapper/root. I can exit the script at the last command and mount those 2 partitions without a problem. So it shouldn't be a problem for the kernel to mount "/dev/mapper/root" to "/", like it is in the fstab.

Now I don't think it's the script that doesn't work, because the error occurs when exiting busybox. And like I said: the decrypt part works... :/

Edit:
I did some reading about initramfs stuff. I think I found the problem; I'll post later if it is really what I think :)

Edit2:
It was a stupid configuration mistake on my part :/ The problem is that the variables at the beginning of the init file aren't that well documented, so it's easy to make mistakes. After finding the right values for the cfg_* variables, the script works out of the box.
I just need to do some extra stuff for my RAID etc.

When I have some time I'll start a section on the wiki for those variables and explain those which I understand.
IronMania
n00b
Joined: 09 Mar 2008
Posts: 2

Posted: Sun Oct 17, 2010 3:51 pm    Post subject: Insert the removable device

Hi,

I have a problem with my key file on the removable device (USB stick).

I have come to the point where I think everything should work and I want to decrypt the HD. I am using DM-Crypt with a keyfile (no GPG).
When I come to the point

Code:
* Please insert removable device /dev/sdb1...

the next line is from my Synaptics touchpad with some info.
After that

Code:
input: SynPS/2 Synaptics TouchPad as /devices/platform/i8042/serio2/input/input1

the code stops.
Did I compile something wrong in the kernel?

The USB stick is plugged in and it "should" work. I did everything according to the wiki page (besides the init script, which was on a second website linked from that one).

*EDIT*
It works now in that it detects the USB stick (I had missed compiling USB into the kernel), so that solved the problem of not detecting my USB device. BUT the device is still not detected: it tells me to insert a USB device, it is inserted, and nothing happens at all. I tried changing my sda7 (root) to hda7, because it tells me when I connect the USB stick that it is now sda1. I don't know what to do.

Thanks for your help

Greetings
IronMania
Nublet
n00b
Joined: 31 Oct 2010
Posts: 9

Posted: Sat Nov 06, 2010 3:30 pm

Greetings,

I didn't notice that there's a [Support] System Encryption DM-Crypt with LUKS thread, so I made a separate post about my problem with system encryption here. Could someone please check what I may have done wrong?
Barabbas
n00b
Joined: 30 Oct 2008
Posts: 6

Posted: Sun Oct 23, 2011 5:19 pm

kingfame_147 wrote:
I've done some debugging on it.

The kernel panic happens when the initramfs exits and the kernel is running.

I don't get where the problem is :/

The script seems to work. It decrypts the swap and root partitions to /dev/mapper/swap and /dev/mapper/root. I can exit the script at the last command and mount those 2 partitions without a problem. So it shouldn't be a problem for the kernel to mount "/dev/mapper/root" to "/", like it is in the fstab.

Now I don't think it's the script that doesn't work, because the error occurs when exiting busybox. And like I said: the decrypt part works... :/

When I have some time I'll start a section on the wiki for those variables and explain those which I understand.


I am having the same problem: the volume decrypts fine (I think), but then when it gets to switch_root it prints the command usage and dies.

I got my init script from GitHub; it is a current version. My root file system is on the sda1 PV, which is formatted as ext3. I am using a GPG-encrypted key file and the extlinux bootloader from a USB flash memory card. This is my extlinux.conf:
Code:
DEFAULT menu.c32
TIMEOUT 100
PROMPT 0

LABEL Gentoo
        MENU LABEL Gentoo Linux 3.0.4-hardened-r5
        MENU DEFAULT
        KERNEL bzImage
        APPEND iroot=sda1 ikroot=gpg:sdc1:keys/GentooROOT.gpg \
                    vga=0x356 video=vesafb:ywrap,mtrr:3 \
                    initrd=initramfs-gentoo-crypt \
                    console=/dev/tty1

I also built the initramfs by hand; all the binaries are linked statically, and I am not using squashfs or bootsplash themes.

This is where it dies:
Code:
 ...
 * Removable device mounted.
 * ROOT LV...
 *...encrypted rootfs.
 gpg: can't open `/usr/share/gnupg/options.skel`: No such file or directory.
 gpg: WARNING: message was not integrity protected
 fsck (busybox 1.19.2, 2011-10-23 09:02:25 CEST)
 grsec: unmount of /dev/sdc1 by /bin/busybox[umount:1464] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid 0/0
 * SWITCHING root '/'...
 /init: line 403: can't create /lib/splash/cache/.splash: nonexistent directory
 grsec: unmount of proc by /bin/busybox...
 grsec: unmount of sysfs by /bin/busybox...
 grsec: unmount of tmpfs by /bin/busybox...
 Busybox v1.19.2 (2011-10-23...) multi-call binary.
 
 Usage: switch_root [-s /dev/console] NEW_ROOT NEW_INIT [ARGS]
 
 Free initramfs and switch to another root fs:
 chroo to NEW_ROOT, delete all in /,move NEW_ROOT to /,
 execute NEW_ROOT. PID must be 1, NEW_ROOT must be a mountpoint.
 
     -c DEV Reopen stdio to DEV after switch
 
 switch_root used greatest stack depth:4416 bytes left
 Kernel panic - not syncing: Attempted to kill init!
 Pid: 1,comm: switch_root Not tainted 3.0.4-hardened-r5-1 #2
 Call trace...
 ...
gw
Apprentice
Joined: 03 Dec 2006
Posts: 215

Posted: Mon Oct 24, 2011 4:00 pm

Hi,

thanks for this huge coding and write-up effort with "DM-Crypt with LUKS"!
I'm also trying to follow this guide in order to have a laptop with an encrypted root.
Things are even more complicated by the fact that I am trying to do this on a MacBook Pro dual boot machine (Mac OS X and Gentoo Linux). Booting is done with the MacBook's UEFI system.

In reading these docs
Quote:

http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS
https://forums.gentoo.org/viewtopic-t-879125.html

some things remained unclear though; I would be glad if someone (tclover?) could help me out with that:

1) the scripts dealing with squashing directories. -- I want to squash /usr/portage. But I don't see how the script or the service (sqfsdmount) automatically updates the underlying portage tree. But this should be done, shouldn't it, e.g. after an emerge --sync? I can't see how this is done.

2) the huge init script (new version: revision=0.3.6_p20111022). -- Can I use this script without modification even if I don't intend to use LVM or hibernation?

3) What I'm trying to do is (simply?) to have an initramdisk init script decrypt an encrypted partition by asking for a passphrase and then switch to the new root and its init.

The Gentoo initramfs doc:
Quote:

http://en.gentoo-wiki.com/wiki/Initramfs
has a very rudimentary init script that nevertheless also enables dm-crypt setups.
Code:

#!/bin/busybox sh

# Mount the /proc and /sys filesystems.
mount -t proc none /proc
mount -t sysfs none /sys

# Do your stuff here.
echo "This script mounts rootfs and boots it up, nothing more!"

# Mount the root filesystem.
mount -o ro /dev/sda1 /mnt/root

# Clean up.
umount /proc
umount /sys

# Boot the real thing.
exec switch_root /mnt/root /sbin/init


Now wouldn't something like
Code:
cryptsetup -T 5 luksOpen /dev/sda1 luks
mount -o ro /dev/mapper/luks /mnt/root

inserted in the above suffice to decrypt and mount the real root?
Please forgive me if this is an idiotic question, but as I'm already dealing with the complications of my dual boot setup, I'm trying to keep things as simple as possible (and I must admit that I fail to thoroughly understand what the original long init script really does!).

Thanks for your help!

gw
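The two cryptsetup/mount lines above are essentially all that is needed, but the log posted earlier in this thread (switch_root printing its usage text, followed by "Kernel panic - not syncing: Attempted to kill init!") shows what happens when /init reaches `exec switch_root` with a bad argument: switch_root exits, PID 1 is gone, and the kernel panics. The script below is an added example, not the wiki's script and not tclover's init script. It puts the passphrase prompt into the minimal init and checks that the new root is actually a mount point and that the real init exists before handing over, dropping to a rescue shell otherwise. Assumed names: /dev/sda1 as the LUKS container, "luks" as the mapper name, /mnt/root as the mount point, /sbin/init as the real init; it also assumes a kernel with devtmpfs and a busybox `stat` built with `-c` support. The boot logic only runs when the file really is /init running as PID 1, so the helper functions can be exercised on a normal system.

```shell
#!/bin/busybox sh
# Added example (not from the thread or the Gentoo wiki): a minimal initramfs
# /init that opens a LUKS root and validates its arguments before switch_root,
# so a misconfiguration ends in a rescue shell instead of a kernel panic.
# Assumed device names and paths; override them in the environment if needed.
CRYPT_DEV=${CRYPT_DEV:-/dev/sda1}      # assumed LUKS container
MAPPER_NAME=${MAPPER_NAME:-luks}       # assumed /dev/mapper name
NEW_ROOT=${NEW_ROOT:-/mnt/root}        # assumed mount point for the real root
NEW_INIT=${NEW_INIT:-/sbin/init}       # assumed real init inside the new root

# True when DIR is a mount point: its device differs from its parent's, or
# (as for "/") DIR and DIR/.. are the same inode. Needs `stat -c` (GNU/busybox).
is_mountpoint() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %d "$1")" != "$(stat -c %d "$1/..")" ] ||
    [ "$(stat -c %i "$1")" = "$(stat -c %i "$1/..")" ]
}

# Check what busybox switch_root insists on: a non-empty, mounted NEW_ROOT and
# an executable NEW_INIT inside it. Prints the reason on stderr and returns 1.
switch_root_ready() {
    new_root=$1
    new_init=$2
    if [ -z "$new_root" ] || [ -z "$new_init" ]; then
        echo "empty NEW_ROOT or NEW_INIT" >&2; return 1
    fi
    if ! is_mountpoint "$new_root"; then
        echo "$new_root is not a mount point" >&2; return 1
    fi
    if [ ! -x "$new_root$new_init" ]; then
        echo "$new_root$new_init is missing or not executable" >&2; return 1
    fi
    return 0
}

# Ask for the passphrase up to five times (-T 5), then mount the mapped device.
open_root() {
    cryptsetup -T 5 luksOpen "$CRYPT_DEV" "$MAPPER_NAME" || return 1
    mkdir -p "$NEW_ROOT"
    mount -o ro "/dev/mapper/$MAPPER_NAME" "$NEW_ROOT"
}

# Stay alive as PID 1 with a shell instead of letting init die.
rescue_shell() {
    echo "Dropping to rescue shell: $1" >&2
    exec /bin/busybox sh
}

boot_main() {
    mount -t proc none /proc
    mount -t sysfs none /sys
    # /dev/mapper nodes need devtmpfs (assumed) or an mdev run.
    mount -t devtmpfs none /dev 2>/dev/null || true
    open_root || rescue_shell "could not open $CRYPT_DEV"
    switch_root_ready "$NEW_ROOT" "$NEW_INIT" || rescue_shell "refusing switch_root"
    umount /proc
    umount /sys
    exec switch_root "$NEW_ROOT" "$NEW_INIT"
}

# Only act as init when the kernel really started us as /init with PID 1;
# otherwise the file can be run or sourced just to use the helpers above.
if [ "$$" -eq 1 ] && [ "$0" = /init ]; then
    boot_main
fi
```

The point of `switch_root_ready` is that `exec` replaces PID 1: if switch_root refuses its arguments and exits, nothing is left to run and the kernel panics exactly as in the log above. Checking the mount point and the init binary first turns that into a recoverable shell prompt.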
tclover
Guru
Joined: 10 Apr 2011
Posts: 516

Posted: Tue Oct 25, 2011 3:24 pm

gw wrote:
1) the scripts dealing with squashing directories. -- I want to squash /usr/portage. But I don't see how the script or the service (sqfsdmount) automatically updates the underlying portage tree. But this should be done, shouldn't it, e.g. after an emerge --sync? I can't see how this is done.

You don't need to append an argument for a squashed directory like portage with the initramfs; there is no need for that for a directory which is not used when booting. You can pretty much add the script (`/etc/init.d/sqfsdmount') to the boot runlevel; it will do the job for that. And use sdr [sqfsd-rebuild] to build your initial squashed directory(-ies) and rebuild/update them afterwards.

If you want to automate the updating/rebuilding, you can use the newest sdr script,--which you can add in a cron job for directories other than bin/lib$ARCH (32|64),--which has an offset argument/parameter that lets the script rebuild the directory if the writable aufs branch has enough changes, or you can force it to do unconditional rebuild(s). That's a different story for bin:lib$ARCH... consult the KnownIssue for more info about possible issues for bin:lib$ARCH over there.
gw wrote:
2) the huge init script (new version: revision=0.3.6_p20111022). -- Can I use this script without modification even if I don't intend to use LVM or hibernation?

Already replied in the dedicated alternate topic. YES OF COURSE!
gw wrote:
3) What I'm trying to do is (simply?) to have an initramdisk init script decrypt an encrypted partition by asking for a passphrase and then switch to the new root and its init.

You can just do that with a plain passphrase, a plain key file or an encrypted key file (LUKS|GnuPG). Just choose what fits you or what you require.

To finish, of course you can use a very simple init script made by yourself to bring up userspace from an encrypted PV/LV, but that won't be flexible for changes/new requirements without some time to code. I guess old Reikinio's init script was a step forward to have more room/possibilities, and mine just took a few things further.
d-fens
Tux's lil' helper
Joined: 09 Jan 2004
Posts: 93

Posted: Wed Jan 02, 2013 11:53 am

hi,

I want to get my ZFS on encrypted LUKS (sda2 + sdb2 encrypted and used decrypted in a mirrored pool) running, but the initramfs is the missing link now.
I tried to generate one with mkinitramfs-ll-9999, but it bails out during emerge with:

Code:
install: cannont stat xcpio: no such file or directory
and in /var/tmp/portage/sys-kernel/mkinitramfs-ll-9999/image//usr/share/mkinitramfs-ll/scripts there is no file. How can I fix that?
Page 20 of 20