Gentoo Forums
[Support] System Encryption DM-Crypt with LUKS
andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Mon May 15, 2006 12:31 pm    Post subject: Re: having problems with initramfs

andersenep wrote:
I set the line:
Code:
root=*) # get root and fs type

to:
Code:
root=/dev/sda2:ext3) # get root and fs type

which is my encrypted root partition.


I did try using the script unmodified which I think is how it is supposed to work.

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Mon May 15, 2006 7:35 pm    Post subject: Re: having problems with initramfs

Hi,

andersenep wrote:
I've stuck to the howto as closely as possible and I think my main problem is with initramfs. I'm using gentoo-sources-2.6.16-r7 and for starters there is no default initramfs_date.cpio.gz in /usr/src/linux/usr.

Yes, unless you're recompiling the kernel, there will be no initramfs_data.cpio.gz archive there. All 2.6 kernels contain a default cpio archive if the user doesn't supply one; this default cpio archive is generated when you compile your kernel.
I have fixed the text in the guide that produced this confusion.

All you have to do is to place your initramfs image (initramfs_data.cpio.gz) in /usr/src/linux/usr, and the kernel will build it directly; there is no need to edit CONFIG_INITRAMFS_SOURCE.

The init file is supposed to work, there is no need to edit the root variable by hand, just make sure you're passing the right argument when you boot your system.

How are you generating your initramfs image?
It seems to me you're using the first method (using the busybox install.sh script); if so, make sure you don't forget anything.
Also, if you're copying the init file, make sure it's not missing any line of code.

Your grub configuration seems ok.
If you're still having problems, please post the init error if any (this helps a lot), and your partition scheme too.

Bye,

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Tue May 16, 2006 1:21 pm

Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progresses a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help.

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Tue May 16, 2006 5:13 pm

andersenep wrote:
Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progresses a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help.

Oops, I am sorry, I forgot to add some commands to the install.sh box code.
The "unable to open initial console" message you got is because there was no console device on your initramfs image, I've added the missing commands to the guide.
It should work fine now.

Bye

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 4:14 am

Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?

Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own).

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 4:33 am

andersenep wrote:
Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?

Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own).

Thanks,

Does the error message look like this:
Code:

Command failed: No key available with this passphrase

If this is the case, then
Guide FAQ entry wrote:

Check that you have dm-crypt and device-mapper included in the kernel.
Check you have the necessary ciphers included in the kernel.

It could also be that your keymap is incorrect (the key values are not what you expect). You can test this by passing the "rescue" argument to the kernel line in your grub.conf and typing something, but this shouldn't be an issue for you since you live in the US.

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 5:32 am

That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange...

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 6:06 am

andersenep wrote:
That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange...

:?

How can it execute fine if you run it manually(in rescue mode) and fail if executed by the init script?
There is no magic in the init script, it's pretty simple.

That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel
b) lack of support for the needed ciphers(plus sha256)
c) lack of /dev/mapper/control
d) wrong keymap
e) wrong passphrase

If you're sure (d) and (e) are ok, then it must be one of the other 3.
Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs (CONFIG_TMPFS=y, CONFIG_SYSFS=y at File systems/Pseudo filesystems).
Make sure you built busybox with mdev support, go into rescue mode and execute:
Code:

/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s
# any errors?


If all of the above is correct, and still it doesn't work, then I don't know.. It should work, here it's working fine.

Let me know how it went.

Bye

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 2:26 pm

I don't know why it works in rescue mode, but it does...

Quote:
That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel


Code:
CONFIG_DM_CRYPT=y
CONFIG_BLK_DEV_DM=y


Quote:
b) lack of support for the needed ciphers(plus sha256)


a note here, I am using AES and not blowfish
Code:
Cipher name:    aes
Cipher mode:    cbc-plain:sha1
Hash spec:      sha1


From kernel config:
Code:

CONFIG_DM_CRYPT=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y


everything else compiled as modules. Again, I'm fairly certain I have the correct cipher support in the kernel as I can unlock the partition manually.

c) lack of /dev/mapper/control

I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...


Quote:
Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs(CONFIG_TMPFS=y , CONFIG_SYSFS=y at File systems/Pseudo filesystems)


from kernel config:
Code:
CONFIG_SYSFS=y
CONFIG_TMPFS=y


Quote:
Make sure you built busybox with mdev support, go into rescue mode and execute:
Code:

/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s
# any errors?


from busybox config:
Code:
CONFIG_MDEV=y
# CONFIG_FEATURE_MDEV_CONF is not set


proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do).

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 6:35 pm

I honestly cannot understand how you can open the LUKS partition in rescue mode, but the init script fails for you, as I said the init script is very simple.

Let's summarize what we know:
a) Wrong keymap = No
b) Wrong Passphrase = No
c) Lack of kernel built-in support for tmpfs, sysfs = No
d) Lack of kernel built-in support for device-mapper, dm-crypt = No *
e) Lack of kernel built-in support for ciphers = No
f) Lack of Busybox mdev support = No

*
Code:

> zcat /proc/config.gz | grep CONFIG_BLK_DEV_DM
# outputs
CONFIG_BLK_DEV_DM=y  # must be built-in, no module
> zcat /proc/config.gz | grep CONFIG_DM_CRYPT
# outputs
CONFIG_DM_CRYPT=y


If all the above is ok, then what on earth could be causing init to fail.. ?
You do have "cut" support built in busybox, right ?

I'd really like to know why it fails there, so, can you replace the init from your initramfs image with this one and recompile your kernel (no need to change your grub.conf, just make sure the root= argument has the proper value)?
Code:

#!/bin/sh
# Debug init: parse the kernel command line, try luksOpen, then drop to a shell.
export PATH=/sbin:/bin
dmesg -n 1
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
CMDLINE=`cat /proc/cmdline`

# Populate /dev from /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s

for param in $CMDLINE; do
    case "$param" in
        loadkmap=*) loadkeymap="`echo $param | cut -d= -f2`";;
        loadfont=*) font="`echo $param | cut -d= -f2`";;
        rescue) echo "Rescue Mode -- Dropping you into a minimal shell..";
                exec /bin/sh;;
        gpg=*) # the user has the keys on a gpg encrypted file
            use_gpg="`echo $param | cut -d= -f2`";;
        root=*) # get root and fs type, e.g. root=/dev/sda2:ext3
            root_dev="`echo $param | cut -d= -f2 | cut -d: -f1`";
            fs_type="`echo $param | cut -d: -f2`";
            ;;
    esac
done
# Variables are quoted so an empty value stays visible as an empty argument.
echo "Root variables.."
echo "root_dev = " "$root_dev"
echo "fs_type   = " "$fs_type"
echo "Executing cryptsetup..."
cryptsetup luksOpen "$root_dev" root
echo "Dropping you into a minimal shell.."
exec /bin/sh


First check that the root variables have the proper values, in your case it should output this:
Code:

root_dev =  /dev/sda2
fs_type   =  ext3

If the above values are ok, then executing cryptsetup to open your LUKS partition should work. If it doesn't, then check that you have /dev/sda2 and /dev/mapper/control. If you have built busybox with "ls" support you can use that; if not, either rebuild your busybox with ls support or try executing those files just to see if they are there or not.

Some answers to your questions,
Quote:

proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do).

Yes, they're already mounted, and /dev is populated because the same commands get executed before it drops you into the minimal shell.
mdev is mini udev for busybox, it's used to populate /dev from /sys

Quote:

I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...

What I meant there is for your root partition not the initramfs.
You don't need to create them for your initramfs image, that's mdev's job.

Quote:

a note here, I am using AES and not blowfish

Blowfish was only used to encrypt swap for installation, the guide uses the serpent cipher as a default for encrypting partitions.

Let me know how it went,
Bye

PS: I'm going to compile the exact kernel version you have and rebuild the initramfs from scratch later to check once again that everything works here.

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 6:55 pm

Ok, that new init worked. Returned:

Code:
Key slot 1 unlocked
Command successful
Dropping you into a minimal shell


The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere...

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 7:04 pm

andersenep wrote:
Ok, that new init worked. Returned:

Code:
Key slot 1 unlocked
Command successful
Dropping you into a minimal shell


The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere...

Then the init that's on my website should work too, really.

But, before you recompile again, please, download the init file again and do this:
diff --brief old_init new_init
If they differ, I want to see your old_init, probably you edited it, and left something that shouldn't be there (a typo).

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 7:14 pm

I already recompiled...It cannot be anything I changed, like I said I've rm'd and redownloaded the original init from your website several times, and I just did it again. All I did was wget and chmod 0755 it and then compressed it, copied it to /usr/src/linux/usr and touched it. Then recompiled. Same result: "Command Failed: No key available with that passphrase"...

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 9:46 pm

Oops, It was my mistake :oops: , the init script was bad, don't know why I uploaded that one.
It was working for me because the init I was using was not the same that was in the guide and at my website.
They were similar, except that the init you were using didn't have the variables properly enclosed, this caused an if -n ( ! null) statement to misbehave.
Download the init script again, and try it, it should work.

Also, I've uploaded the guide to correct it.

Bye

[edit]
Even worse is the fact that I overlooked it many times when looking at the flawed init.
:lol:
[/edit]
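
The failure described in the post above, an unquoted variable inside an `if [ -n ... ]` test, reproduced as an added example (it is not the init script from the guide, which this thread does not show). It assumes the tested variable was `use_gpg`, the name used in the debug init earlier in the thread; `parse_gpg` and the two `unlock_path_*` functions are hypothetical, and the command lines are constructed.

```sh
#!/bin/sh
# Added illustration; the command lines below are constructed sample input.
CMDLINE_PLAIN='root=/dev/sda2:ext3 loadkmap=us'
CMDLINE_GPG='root=/dev/sda2:ext3 gpg=1'

# Print the value of gpg= from a kernel command line, or nothing if absent.
# (hypothetical helper, mirroring the case statement in the debug init)
parse_gpg() {
    for param in $1; do
        case "$param" in
            gpg=*) echo "${param#gpg=}" ;;
        esac
    done
}

# Unquoted: an empty $use_gpg vanishes during word splitting, the test becomes
# `[ -n ]`, and a one-argument test is true whenever that argument ("-n") is
# a non-empty string. The gpg branch is taken although gpg= was never passed.
unlock_path_unquoted() {
    use_gpg=$(parse_gpg "$1")
    if [ -n $use_gpg ]; then echo gpg; else echo passphrase; fi
}

# Quoted: an empty value stays as one empty argument, so -n sees it.
unlock_path_quoted() {
    use_gpg=$(parse_gpg "$1")
    if [ -n "$use_gpg" ]; then echo gpg; else echo passphrase; fi
}

for cmdline in "$CMDLINE_PLAIN" "$CMDLINE_GPG"; do
    echo "cmdline:  $cmdline"
    echo "  unquoted test selects: $(unlock_path_unquoted "$cmdline")"
    echo "  quoted test selects:   $(unlock_path_quoted "$cmdline")"
done
```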

andersenep
n00b

Joined: 31 Dec 2004
Posts: 20
Location: Everett, Washington

Posted: Wed May 17, 2006 10:40 pm

That did it, works now. Thanks for sorting everything out with me!

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Wed May 17, 2006 10:48 pm

andersenep wrote:
That did it, works now. Thanks for sorting everything out with me!

Thanks to you many things were corrected and the next person(s) following the guide shouldn't have any problems.
:D

Bye

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Tue May 23, 2006 6:48 pm

Hi !

I want to encrypt my partition with gpg !

but gpg isn't on any gentoo install or livecd ...

so how do i do it ? :)

thanks soo much
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Thu May 25, 2006 4:40 pm

*push*
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Thu May 25, 2006 11:14 pm

Hi,
mephist0 wrote:
Hi !

I want to encrypt my partition with gpg !

The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.

mephist0 wrote:


but gpg isn't on any gentoo install or livecd ...

so how do i do it ? :)

thanks soo much

If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?

If you can't find a livecd that has it, then there is another way: you can use a normal passphrase and, when you finish the installation, add the gpg protected key later as an additional passphrase (and if you want, delete the original passphrase).

Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.

Do you have your Gentoo system already encrypted?
Are you planning on booting from a usb-stick?

I tested booting from a usb-stick with a gpg protected key and it worked, but there are still a couple of things that could be improved, you should _read the comments_ on the init script.

Bye,

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Fri May 26, 2006 8:54 am

Reikinio wrote:
Hi,
mephist0 wrote:
Hi !

I want to encrypt my partition with gpg !

The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.

mephist0 wrote:


but gpg isn't on any gentoo install or livecd ...

so how do i do it ? :)

thanks soo much

If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?

If you can't find a livecd that has it, then there is another way, you can use a normal passphrase and when you finish the installation, add the gpg protected key later as an additional passphrase(and if you want, delete the original passphrase).

Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.

Do you have your Gentoo system already encrypted ?
Are you planning on booting from an usb-stick ?

I tested the booting from an usb-stick with a gpg protected key and it worked, but there're still a couple of things that could be improved, you should _read the comments_ on the init script.

Bye,


Hi !

thanks !

I found Kanotix, it's a 64bit livecd and has gpg :)

Yes, I want to use a USB-Stick for the key. If I run into problems, I post my questions ;)
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Fri May 26, 2006 8:56 pm

Hi !

I want to boot from usb stick...

Booting works fine, but the kernel doesn't find the init file ...

here is the listings of the image :

Code:

root@1[temp_image_dir]# ls -l
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys
root@1[temp_image_dir]# ls -lR
.:
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys

./bin:
insgesamt 2292
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 [ -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 [[ -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 ash -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 bunzip2 -> busybox
-rwxr-xr-x 1 root root  724864 2006-05-26 21:29 busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 bzcat -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 cat -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 clear -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 cut -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 dmesg -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 dumpkmap -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 echo -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 false -> busybox
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 gunzip -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 loadfont -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mesg -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mkdir -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mount -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mountpoint -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 test -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 true -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 umount -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 unzip -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 uuencode -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 zcat -> busybox

./dev:
insgesamt 0
crw------- 1 root root 5, 1 2006-05-26 21:40 console
crw-rw-rw- 1 root root 1, 3 2006-05-26 21:40 null

./etc:
insgesamt 8
-rwxr-xr-x 1 root root 2823 2006-05-26 21:41 de-latin1-nodeadkeys-x86_64.bin
-rw-r--r-- 1 root root  234 2006-05-26 21:46 root_key.gpg

./lib64:
insgesamt 0

./new-root:
insgesamt 0

./proc:
insgesamt 0

./sbin:
insgesamt 2428
-rwxr-xr-x 1 root root  861104 2006-05-26 21:37 cryptsetup
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 halt -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 loadkmap -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 mdev -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 modprobe -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 poweroff -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 reboot -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 start-stop-daemon -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 switch_root -> ../bin/busybox

./sys:
insgesamt 0


I gzipped it as described in the wiki ...
moved it to /
gunzipped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick

Code:

ls -l /mnt/usb/
insgesamt 4073
-rw-r--r--  1 root root     285 2006-05-26 22:06 extlinux.conf
-r--r--r--  1 root root    9756 2006-05-26 15:59 extlinux.sys
-rw-r--r--  1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root    1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------  2 root root   12288 2006-05-26 11:39 lost+found
-rwxr-xr-x  1 root root   26756 2006-05-26 14:42 menu.c32
-rw-r--r--  1 root root     234 2006-05-26 14:41 root_key.gpg


I try now copying the init to the usb root folder ... but I don't think it will work

hope anyone can help me ... thanks
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

Reikinio
Apprentice

Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

Posted: Sat May 27, 2006 5:19 am

Hi,
I've noticed you posted in this thread a while ago; if your system is already encrypted there is no need to reinstall and encrypt it again. You can perform the steps to prepare the initramfs, usb-stick, etc. from inside your working system.
Also, I added a warning to the guide for users who plan to boot from a usb-stick, I'll paste it here as well.
guide wrote:

Warning: Users who plan on booting from an usb-stick:

Your usb-stick will be the only way to access your system, if you lose it or someone wipes its contents, you can say goodbye to all the data those key(s) were protecting.
You should consider adding an additional passphrase as a fallback method.
"You have been warned.."


Also, I've uploaded a new init script, which basically has more if tests to show the user errors to help him/her find out what went wrong and where.
This new init script has also a different way to handle the luksOpen with a gpg protected key.
mephist0: you should use the new init script.
andersenep: there is no need to recompile just to use the new init script.

Anyway,

mephist0 wrote:

Booting works fine, but the kernel doesn't find the init file ...
...

Could you provide the actual error message (or at least, some of it)? :)
My guess is that the initramfs built into the kernel is not the actual initramfs image you created. After you create the initramfs image (compress the proper directory), you have to place this file in /usr/src/linux/usr, like this:
Code:

  # copy your cpio archive, it'll be built directly.
  cp -i /path/to/initramfs_data.cpio.gz /usr/src/linux/usr/
  touch /usr/src/linux/usr/initramfs_data.cpio.gz

The commands above are in the guide.
After you place this file there, you have to configure your kernel and compile it.
mephist0 wrote:

I gzipped it as described in the wiki ...
moved it to /
gunzipped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick

Sorry, I don't understand what you mean here. You have to put initramfs_data.cpio.gz in /usr/src/linux/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.


mephist0 wrote:

Code:

ls -l /mnt/usb/
insgesamt 4073
-rw-r--r--  1 root root     285 2006-05-26 22:06 extlinux.conf
-r--r--r--  1 root root    9756 2006-05-26 15:59 extlinux.sys
-rw-r--r--  1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root    1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------  2 root root   12288 2006-05-26 11:39 lost+found
-rwxr-xr-x  1 root root   26756 2006-05-26 14:42 menu.c32
-rw-r--r--  1 root root     234 2006-05-26 14:41 root_key.gpg


I try now copying the init to the usb root folder ... but I don't think it will work

hope anyone can help me ... thanks

root_key.gpg must be placed inside the initramfs image in etc/; the init script will look for it there, it will not mount your usb-stick.
When your system boots, the kernel will extract the cpio format archive (initramfs image) into rootfs, then it will execute init, which in turn will look for the gpg file in /etc.

Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.

Bye 8)

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Sat May 27, 2006 8:46 am

Reikinio wrote:

Sorry, I don't understand what you mean here, you have to put initramfs_data.cpio.gz in /usr/src/linux/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.

Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.

Bye 8)


Hi,

If I only copy the initramfs_data.cpio.gz to /usr/src/linux/usr it compiles a default one and overwrites my image.

Code:

HOSTCC  usr/gen_init_cpio
  CHK     usr/initramfs_list
  UPD     usr/initramfs_list
  CPIO    usr/initramfs_data.cpio
  GZIP    usr/initramfs_data.cpio.gz



The error message :

Code:
Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel


but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

I'm out of ideas ...
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

polovsky
n00b

Joined: 11 May 2004
Posts: 1

Posted: Sat May 27, 2006 11:58 am

mephist0 wrote:

The error message :

Code:
Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel


but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

I'm out of ideas ...


Hi,

In your initramfs image "/bin/sh" is missing.

Bye
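
The three boot failures seen in this thread (init without the execute bit, no console device in the image, and the `#!` interpreter `/bin/sh` missing from the image) can be checked on the unpacked image directory before rebuilding the kernel. This is an added example, not part of the guide or of any post; `check_initramfs_tree` is a hypothetical helper and its messages are its own.

```sh
#!/bin/sh
# check_initramfs_tree DIR
# Prints one line per problem found in an unpacked initramfs tree; prints
# nothing when all checks pass. Hypothetical helper, added for illustration.
check_initramfs_tree() {
    tree=$1
    init="$tree/init"

    if [ ! -f "$init" ]; then
        echo "init: missing"
        return 0
    fi

    # "Failed to execute /init", first cause: no execute bit on init.
    [ -x "$init" ] || echo "init: not executable"

    # Second cause: the interpreter named on the #! line is not in the image.
    first_line=$(head -n 1 "$init")
    case "$first_line" in
        '#!'*)
            interp=${first_line#'#!'}
            interp=${interp# }       # allow "#! /bin/sh"
            interp=${interp%% *}     # drop any interpreter argument
            # -e follows symlinks, so a dangling sh -> busybox link fails too.
            # Links are assumed relative, as in the listing above; an absolute
            # link target would be resolved against the host, not the image.
            [ -e "$tree$interp" ] || echo "init: interpreter $interp not in image"
            ;;
        *)
            echo "init: no #! line"
            ;;
    esac

    # "unable to open initial console": the kernel opens /dev/console before
    # init has had a chance to mount tmpfs on /dev and run mdev.
    [ -c "$tree/dev/console" ] || echo "dev/console: character device missing"
    return 0
}

# Check the directory given as the first argument, or the current directory.
check_initramfs_tree "${1:-.}"
```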

mephist0
Tux's lil' helper

Joined: 19 Sep 2005
Posts: 94
Location: Germany, Frankfurt/Main

Posted: Sat May 27, 2006 12:40 pm

polovsky wrote:
mephist0 wrote:

The error message :

Code:
Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel


but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

I'm out of ideas ...


Hi,

In your initramfs image "/bin/sh" is missing.

Bye


thanks, fixed it ...

but ... new error

[: -eq unkown operand

and it drops me to the minimal shell ...
_________________
There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'

Photography portfolio

All times are GMT