andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Mon May 15, 2006 12:31 pm Post subject: Re: having problems with initramfs |
|
|
andersenep wrote: | I set the line:
Code: | root=*) # get root and fs type |
to:
Code: | root=/dev/sda2:ext3) # get root and fs type |
which is my encrypted root partition. |
I did try using the script unmodified which I think is how it is supposed to work. |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Mon May 15, 2006 7:35 pm Post subject: Re: having problems with initramfs |
|
|
Hi,
andersenep wrote: | I've stuck to the howto as closely as possible and I think my main problem is with initramfs. I'm using gentoo-sources-2.6.16-r7 and for starters there is no default initramfs_date.cpio.gz in /usr/src/linux/usr.
|
Yes, unless you're recompiling the kernel, there will be no initramfs_data.cpio.gz archive there; all 2.6 kernels contain a default cpio archive if the user doesn't supply one, and this default cpio archive is generated when you compile your kernel.
I have fixed the text in the guide that produced this confusion.
All you have to do is to place your initramfs image (initramfs_data.cpio.gz) in /usr/src/linux/usr, and the kernel will build it directly; there is no need to edit CONFIG_INITRAMFS_SOURCE.
The init file is supposed to work, there is no need to edit the root variable by hand, just make sure you're passing the right argument when you boot your system.
How are you generating your initramfs image ?
It seems to me you're using the first method(using the busybox install.sh script), if so, make sure you don't forget anything.
Also, if you're copying the init file, make sure it's not missing any line of code.
Your grub configuration seems ok.
If you're still having problems, please post the init error if any(this helps a lot), and your partition scheme too.
Bye, |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Tue May 16, 2006 1:21 pm Post subject: |
|
|
Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progresses a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help. |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Tue May 16, 2006 5:13 pm Post subject: |
|
|
andersenep wrote: | Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progresses a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help. |
Oops, I am sorry, I forgot to add some commands to the install.sh box code.
The "unable to open initial console" message you got is because there was no console device on your initramfs image, I've added the missing commands to the guide.
It should work fine now.
Bye |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 4:14 am Post subject: |
|
|
Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?
Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own). |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 4:33 am Post subject: |
|
|
andersenep wrote: | Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?
Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own). |
Thanks,
Does the error message look like this:
Code: |
Command failed: No key available with this passphrase
|
If this is the case, then
Guide FAQ entry wrote: |
Check that you have dm-crypt and device-mapper included in the kernel.
Check you have the necessary ciphers included in the kernel.
|
It could also be that your keymap is incorrect (the key values are not what you expect); you can test this by passing the "rescue" argument to the kernel line in your grub.conf and typing something, but this shouldn't be an issue for you since you live in the US. |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 5:32 am Post subject: |
|
|
That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange... |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 6:06 am Post subject: |
|
|
andersenep wrote: | That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange... |
How can it execute fine if you run it manually(in rescue mode) and fail if executed by the init script?
There is no magic in the init script, it's pretty simple.
That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel
b) lack of support for the needed ciphers(plus sha256)
c) lack of /dev/mapper/control
d) wrong keymap
e) wrong passphrase
If you're sure (d) and (e) are ok, then it must be one of the other 3.
Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs(CONFIG_TMPFS=y , CONFIG_SYSFS=y at File systems/Pseudo filesystems)
Make sure you built busybox with mdev support, go into rescue mode and execute:
Code: |
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s
# any errors?
|
If all of the above is correct, and still it doesn't work, then I don't know.. It should work, here it's working fine.
Let me know how it went.
Bye |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 2:26 pm Post subject: |
|
|
I don't know why it works in rescue mode, but it does...
Quote: | That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel |
Code: | CONFIG_DM_CRYPT=y
CONFIG_BLK_DEV_DM=y |
Quote: | b) lack of support for the needed ciphers(plus sha256) |
a note here, I am using AES and not blowfish
Code: | Cipher name: aes
Cipher mode: cbc-plain:sha1
Hash spec: sha1 |
From kernel config:
Code: |
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y |
everything else compiled as modules. Again, I'm fairly certain I have the correct cipher support in the kernel as I can unlock the partition manually.
c) lack of /dev/mapper/control
I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...
Quote: | Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs(CONFIG_TMPFS=y , CONFIG_SYSFS=y at File systems/Pseudo filesystems) |
from kernel config:
Code: | CONFIG_SYSFS=y
CONFIG_TMPFS=y |
Quote: | Make sure you built busybox with mdev support, go into rescue mode and execute:
Code: |
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s
# any errors?
|
|
from busybox config:
Code: | CONFIG_MDEV=y
# CONFIG_FEATURE_MDEV_CONF is not set |
proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do). |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 6:35 pm Post subject: |
|
|
I honestly cannot understand how you can open the LUKS partition in rescue mode, but the init script fails for you, as I said the init script is very simple.
Let's summarize what we know:
a) Wrong keymap = No
b) Wrong Passphrase = No
c) Lack of kernel built-in support for tmpfs, sysfs = No
d) Lack of kernel built-in support for device-mapper, dm-crypt = No *
e) Lack of kernel built-in support for ciphers = No
f) Lack of Busybox mdev support = No
*
Code: |
> zcat /proc/config.gz | grep CONFIG_BLK_DEV_DM
# outputs
CONFIG_BLK_DEV_DM=y # must be built-in, no module
> zcat /proc/config.gz | grep CONFIG_DM_CRYPT
# outputs
CONFIG_DM_CRYPT=y
|
If all the above is ok, then what on earth could be causing init to fail.. ?
You do have "cut" support built in busybox, right ?
I'd really like to know why it fails there, so, can you replace the init from your initramfs image with this one and recompile your kernel (no need to change your grub.conf, just make sure the root= argument has the proper value)?
Code: |
#!/bin/sh
# Debug init: parse the kernel command line, try luksOpen, then drop to a shell.
export PATH=/sbin:/bin
dmesg -n 1
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
CMDLINE=`cat /proc/cmdline`
# Populate /dev from /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s
# $CMDLINE is left unquoted on purpose so it splits into one word per parameter
for param in $CMDLINE; do
    case "$param" in
        loadkmap=*) loadkeymap="$(echo "$param" | cut -d= -f2)";;
        loadfont=*) font="$(echo "$param" | cut -d= -f2)";;
        rescue) echo "Rescue Mode -- Dropping you into a minimal shell..";
                exec /bin/sh;;
        gpg=*)  # the user has the keys on a gpg encrypted file
                use_gpg="$(echo "$param" | cut -d= -f2)";;
        root=*) # get root and fs type, e.g. root=/dev/sda2:ext3
                root_dev="$(echo "$param" | cut -d= -f2 | cut -d: -f1)";
                fs_type="$(echo "$param" | cut -d: -f2)";
                ;;
    esac
done
echo "Root variables.."
echo "root_dev = " $root_dev
echo "fs_type = " $fs_type
echo "Executing cryptsetup..."
# Quoted so an empty or odd value cannot change the argument list
cryptsetup luksOpen "$root_dev" root
echo "Dropping you into a minimal shell.."
exec /bin/sh
|
First check that the root variables have the proper values, in your case it should output this:
Code: |
root_dev = /dev/sda2
fs_type = ext3
|
If the above values are ok, then executing cryptsetup to open your LUKS partition should work, if it doesn't, then check that you have /dev/sda2 and /dev/mapper/control, if you have built busybox with "ls" support you can use that, if not, either rebuild your busybox with ls support or try executing those files just to see if they are there or not.
Some answers to your questions,
Quote: |
proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do).
|
Yes, they're already mounted, and /dev is populated because the same commands get executed before it drops you into the minimal shell.
mdev is mini udev for busybox, it's used to populate /dev from /sys
Quote: |
I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...
|
What I meant there is for your root partition not the initramfs.
You don't need to create them for your initramfs image, that's mdev's job.
Quote: |
a note here, I am using AES and not blowfish
|
Blowfish was only used to encrypt swap for installation, the guide uses the serpent cipher as a default for encrypting partitions.
Let me know how it went,
Bye
PS: I'm going to compile the exact kernel version you have and rebuild the initramfs from scratch later to check once again that everything works here. |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 6:55 pm Post subject: |
|
|
Ok, that new init worked. Returned:
Code: | Key slot 1 unlocked
Command successful
Dropping you into a minimal shell |
The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere... |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 7:04 pm Post subject: |
|
|
andersenep wrote: | Ok, that new init worked. Returned:
Code: | Key slot 1 unlocked
Command successful
Dropping you into a minimal shell |
The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere... |
Then the init that's on my website should work too, really.
But, before you recompile again, please, download the init file again and do this:
diff --brief old_init new_init
If they differ, I want to see your old_init, probably you edited it, and left something that shouldn't be there (a typo). |
|
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 7:14 pm Post subject: |
|
|
I already recompiled...It cannot be anything I changed, like I said I've rm'd and redownloaded the original init from your website several times, and I just did it again. All I did was wget and chmod 0755 it and then compressed it, copied it to /usr/src/linux/usr and touched it. Then recompiled. Same result: "Command Failed: No key available with that passphrase"... |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 9:46 pm Post subject: |
|
|
Oops, it was my mistake, the init script was bad, don't know why I uploaded that one.
It was working for me because the init I was using was not the same that was in the guide and at my website.
They were similar, except that the init you were using didn't have the variables properly enclosed, this caused an if -n ( ! null) statement to misbehave.
Download the init script again, and try it, it should work.
Also, I've uploaded the guide to correct it.
Bye
[edit]
Even worse is the fact that I overlooked it many times when looking at the flawed init.
[/edit] |
|
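The failure mode described in the post above, as an added example that is not code from the thread or the guide: with an empty variable, an unquoted `[ -n $var ]` collapses to `[ -n ]`, which is true, so the script takes the wrong branch. The flawed init is not shown in the thread, so the choice of the `gpg=` variable, the branch names and the helper functions are assumptions; the last function is a simple check for the same pattern in a script.

```shell
#!/bin/sh
# Added example; names below are hypothetical, sample inputs are constructed.
# Assumption: the misbehaving test guarded the gpg= option seen in the debug init.

# Extract the value of gpg= from a kernel command line (empty if absent).
parse_gpg() {
    use_gpg=""
    for param in $1; do            # unquoted on purpose: one word per parameter
        case "$param" in
            gpg=*) use_gpg="${param#gpg=}" ;;
        esac
    done
    printf '%s' "$use_gpg"
}

# Flawed form: when $use_gpg is empty the test becomes `[ -n ]`, a
# one-argument test that is true because the string "-n" is not empty.
unlock_mode_unquoted() {
    use_gpg=$(parse_gpg "$1")
    if [ -n $use_gpg ]; then echo gpg; else echo passphrase; fi
}

# Corrected form: the quotes keep the empty string as its own argument.
unlock_mode_quoted() {
    use_gpg=$(parse_gpg "$1")
    if [ -n "$use_gpg" ]; then echo gpg; else echo passphrase; fi
}

# Constructed script fragment used as input for the check below.
sample_init() {
cat <<'EOF'
#!/bin/sh
if [ -n $use_gpg ]; then
    echo gpg
fi
if [ -n "$loadkeymap" ]; then
    echo keymap
fi
if [ -z ${font} ]; then
    echo nofont
fi
EOF
}

# Read a script on stdin and print the line numbers of `[ -n $x ]` or
# `[ -z $x ]` tests whose variable is not enclosed in double quotes.
find_unquoted_tests() {
    grep -nE '\[ +-[nz] +\$[A-Za-z_{]' | cut -d: -f1 | tr '\n' ' ' | sed 's/ *$//'
}

# Constructed command line without a gpg= parameter.
cmdline='root=/dev/sda2:ext3'
echo "unquoted test selects: $(unlock_mode_unquoted "$cmdline")"
echo "quoted test selects:   $(unlock_mode_quoted "$cmdline")"
echo "unquoted tests on lines: $(sample_init | find_unquoted_tests)"
```
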
|
|
andersenep n00b
Joined: 31 Dec 2004 Posts: 20 Location: Everett, Washington
|
Posted: Wed May 17, 2006 10:40 pm Post subject: |
|
|
That did it, works now. Thanks for sorting everything out with me! |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Wed May 17, 2006 10:48 pm Post subject: |
|
|
andersenep wrote: | That did it, works now. Thanks for sorting everything out with me! |
Thanks to you many things were corrected and the next person(s) following the guide shouldn't have any problems.
Bye |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Tue May 23, 2006 6:48 pm Post subject: |
|
|
Hi !
I want to encrypt my partition with gpg !
but gpg isn't on any gentoo install or livecd ...
so how do I do it ?
thanks soo much _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Thu May 25, 2006 4:40 pm Post subject: |
|
|
*push* _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Thu May 25, 2006 11:14 pm Post subject: |
|
|
Hi,
mephist0 wrote: | Hi !
I want to encrypt my partition with gpg !
|
The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.
mephist0 wrote: |
but gpg isn't on any gentoo install or livecd ...
so how do I do it ?
thanks soo much |
If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?
If you can't find a livecd that has it, then there is another way, you can use a normal passphrase and when you finish the installation, add the gpg protected key later as an additional passphrase(and if you want, delete the original passphrase).
Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.
Do you have your Gentoo system already encrypted ?
Are you planning on booting from an usb-stick ?
I tested the booting from an usb-stick with a gpg protected key and it worked, but there're still a couple of things that could be improved, you should _read the comments_ on the init script.
Bye, |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Fri May 26, 2006 8:54 am Post subject: |
|
|
Reikinio wrote: | Hi,
mephist0 wrote: | Hi !
I want to encrypt my partition with gpg !
|
The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.
mephist0 wrote: |
but gpg isn't on any gentoo install or livecd ...
so how do I do it ?
thanks soo much |
If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?
If you can't find a livecd that has it, then there is another way, you can use a normal passphrase and when you finish the installation, add the gpg protected key later as an additional passphrase(and if you want, delete the original passphrase).
Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.
Do you have your Gentoo system already encrypted ?
Are you planning on booting from an usb-stick ?
I tested the booting from an usb-stick with a gpg protected key and it worked, but there're still a couple of things that could be improved, you should _read the comments_ on the init script.
Bye, |
Hi !
thanks !
I found Kanotix, it's a 64bit livecd and has gpg
Yes, I want to use a USB-Stick for the key. If I run into problems, I'll post my questions _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Fri May 26, 2006 8:56 pm Post subject: |
|
|
Hi !
I want to boot from usb stick...
Booting works fine, but the kernel doesn't find the init file ...
here are the listings of the image :
Code: |
root@1[temp_image_dir]# ls -l
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys
root@1[temp_image_dir]# ls -lR
.:
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys
./bin:
insgesamt 2292
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 [ -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 [[ -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 ash -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 bunzip2 -> busybox
-rwxr-xr-x 1 root root 724864 2006-05-26 21:29 busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 bzcat -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 cat -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 clear -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 cut -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 dmesg -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 dumpkmap -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 echo -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 false -> busybox
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 gunzip -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 loadfont -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 mesg -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 mkdir -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 mount -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 mountpoint -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 test -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 true -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 umount -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 unzip -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 uuencode -> busybox
lrwxrwxrwx 1 root root 7 2006-05-26 21:29 zcat -> busybox
./dev:
insgesamt 0
crw------- 1 root root 5, 1 2006-05-26 21:40 console
crw-rw-rw- 1 root root 1, 3 2006-05-26 21:40 null
./etc:
insgesamt 8
-rwxr-xr-x 1 root root 2823 2006-05-26 21:41 de-latin1-nodeadkeys-x86_64.bin
-rw-r--r-- 1 root root 234 2006-05-26 21:46 root_key.gpg
./lib64:
insgesamt 0
./new-root:
insgesamt 0
./proc:
insgesamt 0
./sbin:
insgesamt 2428
-rwxr-xr-x 1 root root 861104 2006-05-26 21:37 cryptsetup
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 halt -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 loadkmap -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 mdev -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 modprobe -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 poweroff -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 reboot -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 start-stop-daemon -> ../bin/busybox
lrwxrwxrwx 1 root root 14 2006-05-26 21:29 switch_root -> ../bin/busybox
./sys:
insgesamt 0
|
I gzipped it as described in the wiki ...
moved it to /
gunzipped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick
Code: |
ls -l /mnt/usb/
insgesamt 4073
-rw-r--r-- 1 root root 285 2006-05-26 22:06 extlinux.conf
-r--r--r-- 1 root root 9756 2006-05-26 15:59 extlinux.sys
-rw-r--r-- 1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root 1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------ 2 root root 12288 2006-05-26 11:39 lost+found
-rwxr-xr-x 1 root root 26756 2006-05-26 14:42 menu.c32
-rw-r--r-- 1 root root 234 2006-05-26 14:41 root_key.gpg
|
I'll now try copying the init to the usb root folder ... but I don't think it will work
hope anyone can help me ... thanks _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
Reikinio Apprentice
Joined: 14 Aug 2005 Posts: 203 Location: Uruguay
|
Posted: Sat May 27, 2006 5:19 am Post subject: |
|
|
Hi,
I've noticed you posted in this thread a while ago, if your system is already encrypted there is no need to reinstall and encrypt it again. You can perform the steps to prepare the initramfs, usb-stick, etc. from inside your working system.
Also, I added a warning to the guide for users who plan to boot from an usb-stick, I'll paste it here as well.
guide wrote: |
Warning: Users who plan on booting from an usb-stick:
Your usb-stick will be the only way to access your system, if you lose it or someone wipes its contents, you can say goodbye to all the data those key(s) were protecting.
You should consider adding an additional passphrase as a fallback method.
"You have been warned.."
|
Also, I've uploaded a new init script, which basically has more if tests to show the user errors to help him/her find out what went wrong and where.
This new init script has also a different way to handle the luksOpen with a gpg protected key.
mephist0: you should use the new init script.
andersenep: there is no need to recompile just to use the new init script.
Anyway,
mephist0 wrote: |
Booting works fine, but the kernel doesn't find the init file ...
...
|
Could you provide the actual error message(or at least, some of it) .
My guess is that the initramfs built into the kernel is not the actual initramfs image you created, after you create the initramfs image(compress the proper directory), you have to place this file in /usr/src/linux/usr, like this:
Code: |
# copy your cpio archive, it'll be built directly.
cp -i /path/to/initramfs_data.cpio.gz /usr/src/linux/usr/
touch /usr/src/linux/usr/initramfs_data.cpio.gz
|
The commands above are in the guide.
After you place this file there, you have to configure your kernel and compile it.
mephist0 wrote: |
I gzipped it as described in the wiki ...
moved it to /
gunzipped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick
|
Sorry, I don't understand what you mean here, you have to put initramfs_data.cpio.gz in /usr/src/linux/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.
mephist0 wrote: |
Code: |
ls -l /mnt/usb/
insgesamt 4073
-rw-r--r-- 1 root root 285 2006-05-26 22:06 extlinux.conf
-r--r--r-- 1 root root 9756 2006-05-26 15:59 extlinux.sys
-rw-r--r-- 1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root 1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------ 2 root root 12288 2006-05-26 11:39 lost+found
-rwxr-xr-x 1 root root 26756 2006-05-26 14:42 menu.c32
-rw-r--r-- 1 root root 234 2006-05-26 14:41 root_key.gpg
|
I'll now try copying the init to the usb root folder ... but I don't think it will work
hope anyone can help me ... thanks |
root_key.gpg must be placed inside the initramfs image in etc/ , the init script will look for it there, it will not mount your usb-stick.
When your system boots, the kernel will extract the cpio format archive(initramfs image) into rootfs, then it will execute init, which in turn will look for the gpg file in /etc.
Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.
Bye |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Sat May 27, 2006 8:46 am Post subject: |
|
|
Reikinio wrote: |
Sorry, I don't understand what you mean here, you have to put initramfs_data.cpio.gz in /usr/src/linux/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.
Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.
Bye |
Hi,
If I only copy the initramfs_data.cpio.gz to /usr/src/linux/usr it compiles a default one and overwrites my image.
Code: |
HOSTCC usr/gen_init_cpio
CHK usr/initramfs_list
UPD usr/initramfs_list
CPIO usr/initramfs_data.cpio
GZIP usr/initramfs_data.cpio.gz
|
The error message :
Code: | Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel |
but the init is in the initramfs image and I chmod +x it ...
and the root_key.gpg is also in /etc...
I'm out of ideas ... _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
polovsky n00b
Joined: 11 May 2004 Posts: 1
|
Posted: Sat May 27, 2006 11:58 am Post subject: |
|
|
mephist0 wrote: |
The error message :
Code: | Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel |
but the init is in the initramfs image and I chmod +x it ...
and the root_key.gpg is also in /etc...
I'm out of ideas ... |
Hi,
In your initramfs image "/bin/sh" is missing.
Bye |
|
|
|
mephist0 Tux's lil' helper
Joined: 19 Sep 2005 Posts: 94 Location: Germany, Frankfurt/Main
|
Posted: Sat May 27, 2006 12:40 pm Post subject: |
|
|
polovsky wrote: | mephist0 wrote: |
The error message :
Code: | Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel |
but the init is in the initramfs image and I chmod +x it ...
and the root_key.gpg is also in /etc...
I'm out of ideas ... |
Hi,
In your initramfs image "/bin/sh" is missing.
Bye |
thanks, fixed it ...
but ... new error
[: -eq unkown operand
and it drops me to the minimal shell ... _________________ There is only one God, and his name is Death. And there is only one thing we say to Death: 'Not today!'
Photography portfolio |
|
|
|
|
|
|
|