Gentoo Forums
Bootable USB + Custom initrd - best way to find boot media?
BradN
Advocate


Joined: 19 Apr 2002
Posts: 2382
Location: Wisconsin (USA)

Posted: Sun May 22, 2011 5:50 am    Post subject: Bootable USB + Custom initrd - best way to find boot media?

Hey, I'm trying to create a bootable usb stick with encrypted root.

So far, the setup is looking like this:

1: syslinux mbr starts booting sequence
2: FreeDOS is loaded from the first partition (don't laugh, it seems to help USB boot compatibility)
3: a utility loads a partition image file that contains kernel and initrd files into high RAM
4: Grub4DOS is loaded, which is capable of mounting the previously loaded partition image
5: Kernel is set up and boots using initrd and begins executing /sbin/init...

... which is a script that needs to be able to locate the encrypted second partition on the memory stick.

Here's my question: What's the best way to locate the device containing all this stuff? I can't just assume it's /dev/sda, because there could be 2 usb sticks plugged in for all I know, or maybe a memory card reader is there. I can't easily use /dev/disk/by-uuid or something like that, because as far as I can tell, this is created by udev, and I'd rather not need that at such an early stage in booting (not to mention it'd make the initrd a lot bigger and BIOS USB disk implementations are usually pretty slow).

What sayeth the wisdom of the forums? Am I making this more difficult than it has to be?
OneOfOne
Guru


Joined: 28 May 2003
Posts: 368
Location: Alexandria, Egypt

Posted: Sun May 22, 2011 8:21 am

Hmm well, my bootable usb is much simpler really, just used grub2 + uuid to find the root, uuid will be unique to the partition/disk always.
Code:

linux   /boot/vmlinuz26 root=/dev/disk/by-uuid/8725d3f3-ea77-4da9-afa6-5b9a3e3c7de6 video=uvesafb:1024x768-32 console=tty1 rootfstype=ext4 rootflags=noatime,nodiratime ro quiet

Unless you're using an ancient kernel/busybox, just mount /dev using devtmpfs and you will be fine, don't even need to handle the UUID=xxx logic in your initrd.
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2463
Location: Germany

Posted: Sun May 22, 2011 1:45 pm

Basically you can use DEVICE=`busybox findfs UUID=f6ba8174-7ec7-4df6-bde9-fd72f5d3ddaf`.

For more suggestions see here http://en.gentoo-wiki.com/wiki/Initramfs
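The devtmpfs and findfs suggestions above, put together as an initramfs /sbin/init. This is an added example, not code posted by anyone in the thread. It assumes the encrypted partition is a LUKS container (plain dm-crypt has no header and so no UUID to search for), that cryptsetup is present in the initramfs, and it uses a placeholder UUID; `RESOLVER`, `wait_for_uuid` and `boot` are names made up for the example.

```shell
#!/bin/busybox sh
# Added example: initramfs /sbin/init that locates the stick by UUID, no udev.
# Assumptions (not from the thread): the encrypted partition is LUKS, busybox
# has the findfs and switch_root applets, cryptsetup is in the initramfs,
# and /dev, /proc, /sys, /newroot exist as empty directories.

ROOT_UUID="00000000-0000-0000-0000-000000000000"  # placeholder LUKS UUID
RESOLVER="${RESOLVER:-busybox findfs}"            # hypothetical override hook

# wait_for_uuid UUID [TRIES] [DELAY_SECONDS]
# USB storage is probed asynchronously, so the device node may not exist yet
# when init starts. Poll until the UUID resolves, then print the device path.
wait_for_uuid() {
    uuid=$1; tries=${2:-30}; delay=${3:-1}
    while [ "$tries" -gt 0 ]; do
        dev=$($RESOLVER "UUID=$uuid" 2>/dev/null) || dev=
        if [ -n "$dev" ] && [ -e "$dev" ]; then
            echo "$dev"
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

boot() {
    mount -t devtmpfs none /dev   # kernel creates the nodes (CONFIG_DEVTMPFS)
    mount -t proc none /proc
    mount -t sysfs none /sys
    # Any failure drops to a shell instead of guessing at /dev/sda.
    dev=$(wait_for_uuid "$ROOT_UUID") || exec /bin/sh
    cryptsetup luksOpen "$dev" cryptroot || exec /bin/sh
    mount -o ro /dev/mapper/cryptroot /newroot || exec /bin/sh
    umount /sys; umount /proc
    exec switch_root /newroot /sbin/init
}

# Run the boot sequence only as PID 1 in early boot (before /proc is mounted),
# so the functions can be sourced and exercised elsewhere.
if [ "$$" -eq 1 ] && [ ! -e /proc/mounts ]; then
    boot
fi
```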
BradN
Advocate


Joined: 19 Apr 2002
Posts: 2382
Location: Wisconsin (USA)

Posted: Sun May 22, 2011 2:41 pm

I suppose I probably should have looked for gentoo docs on doing initrd/initramfs first ;)

I like this part... "devtmpfs

This is a recent addition to the Linux kernel, designed to offer device nodes early at bootup. To use it, enable CONFIG_DEVTMPFS in your kernel .config. "

So basically, devfs used to work and automatically generate device nodes, then we decided it was crap and went to udev and all that stuff, but then realized devfs was actually still useful so we put it back with a different name... I want some of what they're smoking, haha.

Also, it looks like I've gotta use this weird LUKS crap in order to have a UUID bound to an encrypted partition, unless I embed it inside LVM or something like that. I don't like the way LUKS is set up because it changes passphrases without actually changing the key used to encrypt the data. Basically if your passphrase is compromised once and your machine has been accessed while that passphrase was in use, it stays compromised through any passphrase changes.

Edit: Ok, looks like LUKS does allow changing the real key, but it's kinda a two step operation then.
ciclonite
n00b


Joined: 06 Jun 2012
Posts: 1

Posted: Wed Jun 06, 2012 1:05 pm

Hi all, this is my first post. I have a question similar to this one.
I have a USB stick that has one public partition and one "private" partition, with the hardware capability to encrypt/decrypt the private partition with AES. To decrypt the partition I need to use the proprietary API of the device. On the public partition I've installed syslinux, which calls the initrd; at this point the initrd calls the small program that asks for the password and, if the password is correct, unlocks the private partition and loads the root partition. Only one question: is it possible to do this, or am I missing something?
BradN
Advocate


Joined: 19 Apr 2002
Posts: 2382
Location: Wisconsin (USA)

Posted: Sun Sep 23, 2012 5:18 am

Sorry for the horribly late reply, but if you can do it when logged in, it should be possible to do it from an initrd. It might be a trick getting all the libraries it needs to run copied in.
All times are GMT