BradN Advocate
Joined: 19 Apr 2002 Posts: 2391 Location: Wisconsin (USA)
Posted: Sun May 22, 2011 5:50 am Post subject: Bootable USB + Custom initrd - best way to find boot media? |
Hey, I'm trying to create a bootable usb stick with encrypted root.
So far, the setup is looking like this:
1: syslinux mbr starts booting sequence
2: FreeDOS is loaded from the first partition (don't laugh, it seems to help USB boot compatibility)
3: a utility loads a partition image file that contains kernel and initrd files into high RAM
4: Grub4DOS is loaded, which is capable of mounting the previously loaded partition image
5: Kernel is set up and boots using initrd and begins executing /sbin/init...
... which is a script that needs to be able to locate the encrypted second partition on the memory stick.
Here's my question: What's the best way to locate the device containing all this stuff? I can't just assume it's /dev/sda, because there could be 2 usb sticks plugged in for all I know, or maybe a memory card reader is there. I can't easily use /dev/disk/by-uuid or something like that, because as far as I can tell, this is created by udev, and I'd rather not need that at such an early stage in booting (not to mention it'd make the initrd a lot bigger and BIOS USB disk implementations are usually pretty slow).
What sayeth the wisdom of the forums? Am I making this more difficult than it has to be?
OneOfOne Guru
Joined: 28 May 2003 Posts: 368
Posted: Sun May 22, 2011 8:21 am Post subject: |
Hmm well, my bootable usb is much simpler really, just used grub2 + uuid to find the root, uuid will be unique to the partition/disk always.
Code:
```
linux /boot/vmlinuz26 root=/dev/disk/by-uuid/8725d3f3-ea77-4da9-afa6-5b9a3e3c7de6 video=uvesafb:1024x768-32 console=tty1 rootfstype=ext4 rootflags=noatime,nodiratime ro quiet
```
unless you're using an ancient kernel/busybox, just mount /dev using devtmpfs and you will be fine, don't even need to handle the UUID=xxx logic in your initrd.
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
Posted: Sun May 22, 2011 1:45 pm Post subject: |
Basically you can use DEVICE=`busybox findfs UUID=f6ba8174-7ec7-4df6-bde9-fd72f5d3ddaf`.
For more suggestions see here: http://en.gentoo-wiki.com/wiki/Initramfs
BradN Advocate
Joined: 19 Apr 2002 Posts: 2391 Location: Wisconsin (USA)
Posted: Sun May 22, 2011 2:41 pm Post subject: |
I suppose I probably should have looked for gentoo docs on doing initrd/initramfs first.
I like this part... "devtmpfs: This is a recent addition to the Linux kernel, designed to offer device nodes early at bootup. To use it, enable CONFIG_DEVTMPFS in your kernel .config."
So basically, devfs used to work and automatically generate device nodes, then we decided it was crap and went to udev and all that stuff, but then realized devfs was actually still useful so we put it back with a different name... I want some of what they're smoking, haha.
Also, it looks like I've gotta use this weird LUKS crap in order to have a UUID bound to an encrypted partition, unless I embed it inside LVM or something like that. I don't like the way LUKS is set up because it changes passphrases without actually changing the key used to encrypt the data. Basically if your passphrase is compromised once and your machine has been accessed while that passphrase was in use, it stays compromised through any passphrase changes.
Edit: Ok, looks like LUKS does allow changing the real key, but it's kinda a two step operation then.
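Putting the suggestions in this thread together, here is an added example (not code posted by anyone above): a minimal busybox /init that mounts devtmpfs for device nodes, locates the LUKS partition with findfs by the UUID of its header instead of assuming /dev/sda, and only then opens it and switches root. The kernel parameter name cryptroot=UUID=... is an assumption; the script only performs the real boot when it runs as PID 1, so its helper functions can be checked on any host.

```shell
#!/bin/sh
# Added example (not from this thread): busybox /init for an initramfs on a
# USB stick with an encrypted root. Device nodes come from devtmpfs (no udev)
# and the LUKS partition is found with findfs by UUID, not assumed to be /dev/sda.
# The "cryptroot=UUID=..." kernel parameter name is an assumption.

# Print the value of KEY=... from the words of a kernel command line.
cmdline_get() {
    key="$1"; shift
    for word in "$@"; do
        case "$word" in
            "$key="*) printf '%s\n' "${word#"$key="}"; return 0 ;;
        esac
    done
    return 1
}

# Resolve UUID=/LABEL= (via busybox findfs) or a /dev path to a block device.
resolve_device() {
    case "$1" in
        UUID=*|LABEL=*) busybox findfs "$1" 2>/dev/null ;;
        /dev/*) [ -b "$1" ] && printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# USB enumeration behind a slow BIOS can lag the kernel: poll up to N seconds.
wait_for_device() {
    spec="$1"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        if dev=$(resolve_device "$spec"); then printf '%s\n' "$dev"; return 0; fi
        sleep 1; tries=$((tries - 1))
    done
    return 1
}

boot_sequence() {
    mount -t proc proc /proc
    mount -t sysfs sysfs /sys
    mount -t devtmpfs devtmpfs /dev     # kernel-populated /dev, no udev needed
    set -- $(cat /proc/cmdline)
    spec=$(cmdline_get cryptroot "$@") || { echo "no cryptroot= given"; exec /bin/sh; }
    dev=$(wait_for_device "$spec") || { echo "$spec not found"; exec /bin/sh; }
    cryptsetup luksOpen "$dev" root || exec /bin/sh     # prompts for passphrase
    mount -o ro /dev/mapper/root /newroot || exec /bin/sh
    umount /proc /sys; mount -o move /dev /newroot/dev
    exec switch_root /newroot /sbin/init
}
if [ "$$" -eq 1 ]; then boot_sequence; fi   # only act as the real init (PID 1)
```

Dropping to /bin/sh on every failure keeps a console available when the stick is slow to enumerate or the passphrase is wrong, instead of a kernel panic with no way to see what went wrong.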
ciclonite n00b
Joined: 06 Jun 2012 Posts: 1
Posted: Wed Jun 06, 2012 1:05 pm Post subject: |
Hi all, this is my first post. I've a question similar to this one.
I've a USB stick that has one public partition and one "private" partition, with hardware capabilities to encrypt/decrypt the private partition with AES. To decrypt the partition I need to use the proprietary API of the device. On the public partition I've installed syslinux, which calls the initrd; at this point the initrd calls the small program that asks for the password and, if the password is correct, unlocks the private partition and loads the root partition. Only a question: is it possible to do this, or am I missing something?
BradN Advocate
Joined: 19 Apr 2002 Posts: 2391 Location: Wisconsin (USA)
Posted: Sun Sep 23, 2012 5:18 am Post subject: |
Sorry for the horribly late reply, but if you can do it when logged in, it should be possible to do it from an initrd. It might be a trick getting all the libraries it needs to run copied in.