[Support] System Encryption DM-Crypt with LUKS

[andersenep]

I set set the line:

Code: Select all

root=*) # get root and fs type

to:

Code: Select all

root=/dev/sda2:ext3) # get root and fs type

which is my encrypted root partition.
[/code]

I did try using the script unmodified which I think is how it is supposed to work.

[Reikinio]

Hi,

I've stuck to the howto as closely as possible and I think my main problem is with initramfs. I'm using gentoo-sources-2.6.16-r7 and for starters there is no default initramfs_date.cpio.gz in /usr/src/linux/usr.

Yes, unless you're recompiling the kernel, there will be no initramfs_data.cpio.gz archieve there, all 2.6 kernels contain a default cpio archive if the user doesn't supply one, this default cpio archive is generated when you compile your kernel.
I have fixed the text in the guide that produced this confusion.

All you have to do is to place your initramfs image(initramfs_data.cpio.gz) in /usr/src/linux/usr, and the kernel will built it directly, there is no need to edit CONFIG_INITRAMFS_SOURCE.

The init file is supposed to work, there is no need to edit the root variable by hand, just make sure you're passing the right argument when you boot your system.

How are you generating your initramfs image ?
It seems to me you're using the first method(using the busybox install.sh script), if so, make sure you don't forget anything.
Also, if you're copying the init file, make sure it's not missing any line of code.

Your grub configuration seems ok.
If you're still having problems, please post the init error if any(this helps a lot), and your partition scheme too.

Bye,

[andersenep]

Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progress a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help.

[Reikinio]

Well, the first error I got was "Failed to execute /init", so I chmod +x'd it, recompiled and now it progress a bit further until it says "unable to open initial console" and reboots. I was using the install.sh method for building the initramfs_data.cpio.gz. I think I'll just start over from scratch on the whole initramfs image, and maybe try the second method. Thanks for your help.

Oops, I am sorry, I forgot to add some commands to the install.sh box code.
The "unable to open initial console" message you got is because there was no console device on your initramfs image, I've added the missing commands to the guide.
It should work fine now.

Bye

[andersenep]

Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?

Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own).

[Reikinio]

Alright! initramfs image seems to work fine now, I'm getting my ascii skull and prompt, but cryptsetup does not seem to like either of the passphrases I set on my root partition. I'm able to use both passphrases from the command line on my old root, and the cryptsetup I have in sbin/ in my initramfs image is the proper one (cryptsetup-luks v1.0.3 from portage). I tried several times to make sure I didn't just typo...All I get is "passphrase not recognized" and a power off...Any ideas?

Thanks a bunch for your timely help and for the howto (I'd never have made it this far on my own).

Thanks,

Does the error message looks like this:

Code: Select all

Command failed: No key available with this passphrase

If this is the case, then

Check that you have dm-crypt and device-mapper included in the kernel.
Check you have the necessary ciphers included in the kernel.

It could also be that your keymap is incorrect(the keys values are not what you expect), you can test this by passing the "rescue" argument to the kernel line in your grub.conf, and type something, but this shouldn't be an issue for you since you live in the US.

[andersenep]

That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange...

[Reikinio]

That is the error I am getting. When I boot into rescue mode, I am able to unlock the partition with "sbin/cryptsetup luksOpen /dev/sda2 root" without any problems, so I'm pretty sure my kernel config is correct. Keymap works fine...I downloaded the init script from the link on the howto so I don't think it's any misconfiguration there...Strange...

How can it execute fine if you run it manually(in rescue mode) and fail if executed by the init script?
There is no magic in the init script, it's pretty simple.

That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel
b) lack of support for the needed ciphers(plus sha256)
c) lack of /dev/mapper/control
d) wrong keymap
e) wrong passphrase

If you're sure (d) and (e) are ok, then it must be one of the other 3.
Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs(CONFIG_TMPFS=y , CONFIG_SYSFS=y at File systems/Pseudo filesystems)
Make sure you built busybox with mdev support, go into rescue mode and execute:

Code: Select all

/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s, 
 # any errors?

If all of the above is correct, and still it doesn't work, then I don't know.. It should work, here it's working fine.

Let me know how it went.

Bye

[andersenep]

I don't know why it works in rescue mode, but it does...

That error message could be caused by:
a) lack of device-mapper and dm-crypt support built in the kernel

Code: Select all

CONFIG_DM_CRYPT=y
CONFIG_BLK_DEV_DM=y

b) lack of support for the needed ciphers(plus sha256)

a note here, I am using AES and not blowfish

Code: Select all

Cipher name:    aes
Cipher mode:    cbc-plain:sha1
Hash spec:      sha1

From kernel config:

Code: Select all

CONFIG_DM_CRYPT=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y

everything else compiled as modules. Again, I'm fairly certain I have the correct cipher support in the kernel as I can unlock the partition manually.

c) lack of /dev/mapper/control

I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...

Please make sure your kernel has the required support built-in, which also includes support for tmpfs and sysfs(CONFIG_TMPFS=y , CONFIG_SYSFS=y at File systems/Pseudo filesystems)

from kernel config:

Code: Select all

CONFIG_SYSFS=y
CONFIG_TMPFS=y

Make sure you built busybox with mdev support, go into rescue mode and execute:

Code: Select all

/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s, 
 # any errors?

from busybox config:

Code: Select all

CONFIG_MDEV=y
# CONFIG_FEATURE_MDEV_CONF is not set

proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do).

[Reikinio]

I honestly cannot understand how you can open the LUKS partition in rescue mode, but the init script fails for you, as I said the init script is very simple.

Let's summarize what we know:
a) Wrong keymap = No
b) Wrong Passphrase = No
c) Lack of kernel built-in support for tmpfs, sysfs = No
d) Lack of kernel built-in support for device-mapper, dm-crypt = No *
e) Lack of kernel built-in support for ciphers = No
f) Lack of Busybox mdev support = No

*

Code: Select all

> zcat /proc/config.gz | grep CONFIG_BLK_DEV_DM
# outputs
CONFIG_BLK_DEV_DM=y  # must be built-in, no module
>zcat /proc/config.gz | grep CONFIG_DM_CRYPT
# outputs
CONFIG_DM_CRYPT=y 

If all the above is ok, then what on earth could be causing init to fail.. ?
You do have "cut" support built in busybox, right ?

I'd really like to know why it fails there, so, can you replace the init from you initramfs image with this one and recompile your kernel(no need to change your grub.conf, just make sure root= argument has the proper value) ?

Code: Select all

#!/bin/sh
export PATH=/sbin:/bin
dmesg -n 1
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
CMDLINE=`cat /proc/cmdline`

# Populate /dev from /sys
/bin/mount -t tmpfs tmpfs /dev
/sbin/mdev -s

 
for param in $CMDLINE; do
    case "$param" in
        loadkmap=*) loadkeymap="`echo $param | cut -d= -f2`";;
	loadfont=*) font="`echo $param | cut -d= -f2`";;
        rescue) echo "Rescue Mode -- Dropping you into a minimal shell..";
                exec /bin/sh;;
	gpg=*) # the user has the keys on a gpg encrypted file
		use_gpg="`echo $param | cut -d= -f2`";;
        root=*) # get root and fs type 
		root_dev="`echo $param | cut -d= -f2 | cut -d: -f1`";
		fs_type="`echo $param | cut -d: -f2`";
		;;
    esac
done
echo "Root variables.."
echo "root_dev = " $root_dev
echo "fs_type   = " $fs_type
echo "Executing cryptsetup..."
cryptsetup luksOpen $root_dev root
echo "Dropping you into a minimal shell.."
exec /bin/sh

First check that the root variables have the proper values, in your case it should output this:

Code: Select all

root_dev =  /dev/sda2
fs_type   =  ext3

If the above values are ok, then executing cryptsetup to open your LUKS partition should work, if it doesn't, then check that you have /dev/sda2 and /dev/mapper/control, if you have built busybox with "ls" support you can use that, if not, either rebuild your busybox with ls support or try executing those files just to see if they are there or not.

Some answers to your questions,

proc, sys, and tmpfs were already mounted when I dropped to sh in rescue mode. /sbin/mdev -s executed but produced no output or anything, just dropped me back to a prompt (not sure what it's supposed to do).

Yes, they're already mounted, and /dev is populated because the same commands get executed before it drops you into the minimal shell.
mdev is mini udev for busybox, it's used to populate /dev from /sys

I did not create the /dev/mapper/control or /dev/mapper/root nodes at the end of the howto as you stated it was optional and they should be created at startup anyway...perhaps this is part of the problem? I would tend to think it isn't, since like I said I can manually use cryptsetup to open /dev/sda2 and map it to /dev/mapper/root...

What I meant there is for your root partition not the initramfs.
You don't need to create them for your initramfs image, that's mdev job.

a note here, I am using AES and not blowfish

Blowfish was only used to encrypt swap for installation, the guide uses the serpent cipher as a default for encrypting partitions.

Let me know how it went,
Bye

PS: I'm going to compile the exact kernel version you have and rebuild the initramfs from scratch later to check once again that everything works here.

[andersenep]

Ok, that new init worked. Returned:

Code: Select all

Key slot 1 unlocked
Command successful
Dropping you into a minimal shell

The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere...

[Reikinio]

Ok, that new init worked. Returned:

Code: Select all

Key slot 1 unlocked
Command successful
Dropping you into a minimal shell

The variables were also obviously correct. Very strange. I've tried recompiling with the original init several times before, but I'll give it one more shot, maybe I screwed up somewhere...

Then the init that's on my website should work too, really.

But, before you recompile again, please, download the init file again and do this:
diff --brief old_init new_init
If they differ, I want to see your old_init, problably you edited it, and left something that shouldn't be there(a typo).

[andersenep]

I already recompiled...It cannot be anything I changed, like I said I've rm'd and redownloaded the original init from your website several times, and I just did it again. All I did was wget and chmod 0755 it and then compressed it, copied it to /usr/src/linux/usr and touched it. Then recompiled. Same result: "Command Failed: No key available with that passphrase"...

[Reikinio]

Oops, It was my mistake , the init script was bad, don't know why I uploaded that one.
It was working for me because the init I was using was not the same that was in the guide and at my website.
They were similar, except that the init you were using didn't have the variables properly enclosed, this caused an if -n ( ! null) statement to misbehave.
Download the init script again, and try it, it should work.

Also, I've uploaded the guide to correct it.

Bye

[edit]
Even worse is the fact that I overlooked it many times when looking at the flawed init.

[/edit]

[andersenep]

That did it, works now. Thanks for sorting everything out with me!

[Reikinio]

That did it, works now. Thanks for sorting everything out with me!

Thanks to you many things were corrected and the next person(s) following the guide shouldn't have any problems.


Bye

[mephist0]

Hi !

I want to encrypt my partition with gpg !

but gpg isnt on any gentoo install or livecd ...

so how do i do it ?

thanks soo much

[mephist0]

*push*

[Reikinio]

Hi,

Hi !

I want to encrypt my partition with gpg !

The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.

but gpg isnt on any gentoo install or livecd ...

so how do i do it ?

thanks soo much

If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?

If you can't find a livecd that has it, then there is another way, you can use a normal passphrase and when you finish the installation, add the gpg protected key later as an additional passphrase(and if you want, delete the original passphrase).

Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.

Do you have your Gentoo system already encrypted ?
Are you planning on booting from an usb-stick ?

I tested the booting from an usb-stick with a gpg protected key and it worked, but there're still a couple of things that could be improved, you should _read the comments_ on the init script.

Bye,

[mephist0]

Hi,

Hi !

I want to encrypt my partition with gpg !

The key for your root partition will be encrypted using GnuPG, not the partition itself, I'm sure this is what you meant.

but gpg isnt on any gentoo install or livecd ...

so how do i do it ?

thanks soo much

If you're installing Gentoo from scratch, you'll need a statically linked gpg, I don't know if there is any livecd that ships with it by default.
If the Gentoo livecds don't have it, perhaps Knoppix or Slax do ?

If you can't find a livecd that has it, then there is another way, you can use a normal passphrase and when you finish the installation, add the gpg protected key later as an additional passphrase(and if you want, delete the original passphrase).

Another way, if you have a current working system, you can emerge gnupg with the static flag turned on, and use this executable during your Gentoo installation.

Do you have your Gentoo system already encrypted ?
Are you planning on booting from an usb-stick ?

I tested the booting from an usb-stick with a gpg protected key and it worked, but there're still a couple of things that could be improved, you should _read the comments_ on the init script.

Bye,

Hi !

thanks !

I found Kanotix, its a 64bit livecd and has gpg

Yes, I want to use a USB-Stick for the key. If I run into problems, I post my questions

[mephist0]

Hi !

I want to boot from usb stick...

Booting works fine, but the kernel doesnt find the init file ...

here is the listings of the image :

Code: Select all

root@1[temp_image_dir]# ls -l
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys
root@1[temp_image_dir]# ls -lR
.:
insgesamt 36
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 bin
drwxr-xr-x 2 root root 4096 2006-05-26 21:40 dev
drwxr-xr-x 2 root root 4096 2006-05-26 21:42 etc
-rwxr-xr-x 1 root root 2883 2006-05-26 21:38 init
drwxr-xr-x 2 root root 4096 2006-05-26 21:29 lib64
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 new-root
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 proc
drwxr-xr-x 2 root root 4096 2006-05-26 21:46 sbin
drwxr-xr-x 2 root root 4096 2006-05-26 21:31 sys

./bin:
insgesamt 2292
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 [ -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 [[ -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 ash -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 bunzip2 -> busybox
-rwxr-xr-x 1 root root  724864 2006-05-26 21:29 busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 bzcat -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 cat -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 clear -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 cut -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 dmesg -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 dumpkmap -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 echo -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 false -> busybox
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 gunzip -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 loadfont -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mesg -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mkdir -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mount -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 mountpoint -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 test -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 true -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 umount -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 unzip -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 uuencode -> busybox
lrwxrwxrwx 1 root root       7 2006-05-26 21:29 zcat -> busybox

./dev:
insgesamt 0
crw------- 1 root root 5, 1 2006-05-26 21:40 console
crw-rw-rw- 1 root root 1, 3 2006-05-26 21:40 null

./etc:
insgesamt 8
-rwxr-xr-x 1 root root 2823 2006-05-26 21:41 de-latin1-nodeadkeys-x86_64.bin
-rw-r--r-- 1 root root  234 2006-05-26 21:46 root_key.gpg

./lib64:
insgesamt 0

./new-root:
insgesamt 0

./proc:
insgesamt 0

./sbin:
insgesamt 2428
-rwxr-xr-x 1 root root  861104 2006-05-26 21:37 cryptsetup
-rwx--x--x 1 root root 1611696 2006-05-26 21:46 gpg
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 halt -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 loadkmap -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 mdev -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 modprobe -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 poweroff -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 reboot -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 start-stop-daemon -> ../bin/busybox
lrwxrwxrwx 1 root root      14 2006-05-26 21:29 switch_root -> ../bin/busybox

./sys:
insgesamt 0

I gzipped it as described in the wiki ...
moved it to /
gunziped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick

Code: Select all

ls -l /mnt/usb/
insgesamt 4073
-rw-r--r--  1 root root     285 2006-05-26 22:06 extlinux.conf
-r--r--r--  1 root root    9756 2006-05-26 15:59 extlinux.sys
-rw-r--r--  1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root    1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------  2 root root   12288 2006-05-26 11:39 lost+found
-rwxr-xr-x  1 root root   26756 2006-05-26 14:42 menu.c32
-rw-r--r--  1 root root     234 2006-05-26 14:41 root_key.gpg

I try now copying the init to the usb root folder ... but I dont think it will work

hope anyone can help me ... thanks

[Reikinio]

Hi,
I've noticed you posted in this thread a while ago, if your system is already encrypted there is no need to reintall and encrypt it again. You can perform the steps to prepare the initrmafs, usb-stick, etc.. from inside your working system.
Also, I added a warning to the guide for users who plan to boot from an usb-stick, I'll paste it here as well.

Warning: Users who plan on booting from an usb-stick:

Your usb-stick will be the only way to access your system, if you lose it or someone wipes its contents, you can say goodbye to all the data those key(s) were protecting.
You should consider adding an additional passphrase as a fallback method.
"You have been warned.."

Also, I've uploaded a new init script, which basically has more if tests to show the user errors to help him/her find out what went wrong and where.
This new init script has also a different way to handle the luksOpen with a gpg protected key.
mephist0: you should use the new init script.
andersenep: there is no need to recompile just to use the new init script.

Anway,

Booting works fine, but the kernel doesnt find the init file ...
...

Could you provide the actual error message(or at least, some of it) .
My guess is that the initramfs built into the kernel is not the actual initramfs image you created, after you create the initramfs image(compress the proper directory), you have to place this file in /usr/src/linux/usr, like this:

Code: Select all

  # copy your cpio archive, it'll be built directly.
  cp -i /path/to/initramfs_data.cpio.gz /usr/src/linux/usr/
  touch /usr/src/linux/usr/initramfs_data.cpio.gz

The commands above are in the guide.
After you place this file there, you have to configure your kernel and compile it.

I gzipped it as described in the wiki ...
moved it to /
gunziped it
put "initramfs_data.cpio" to kernel options, compiled and copied the kernel dir and the image to the usb-stick

Sorry, I don't understand what you mean here, you have to put initramfs_data.cpio.gz in /usr/src/linuc/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.

Code: Select all

ls -l /mnt/usb/
insgesamt 4073
-rw-r--r--  1 root root     285 2006-05-26 22:06 extlinux.conf
-r--r--r--  1 root root    9756 2006-05-26 15:59 extlinux.sys
-rw-r--r--  1 root root 4098404 2006-05-26 22:06 kernel-2.6.16-gentoo-r7
drwxr-xr-x 20 root root    1024 2006-05-26 22:03 linux-2.6.16-gentoo-r7
drwx------  2 root root   12288 2006-05-26 11:39 lost+found
-rwxr-xr-x  1 root root   26756 2006-05-26 14:42 menu.c32
-rw-r--r--  1 root root     234 2006-05-26 14:41 root_key.gpg

I try now copying the init to the usb root folder ... but I dont think it will work

hope anyone can help me ... thanks

root_key.gpg must be placed inside the initramfs image in etc/ , the init script will look for it there, it will not mount your usb-stick.
When your system boots, the kernel will extract the cpio format archive(initramfs image) into rootfs, then it will execute init, which in turn will look for the gpg file in /etc.

Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.

Bye

[mephist0]

Sorry, I don't understand what you mean here, you have to put initramfs_data.cpio.gz in /usr/src/linuc/usr and that's it, there is no need to edit CONFIG_INITRAMFS_SOURCE, if that is what you meant.

Let me know if you encounter any problems, I'll try to help you out, but please try to post error message if possible, this helps a lot.

Bye

Hi,

If I only copy the initramfs_data.cpio.gz to /usr/src/linux/usr it compiles a defaulte one and overwrites my image.

Code: Select all

HOSTCC  usr/gen_init_cpio
  CHK     usr/initramfs_list
  UPD     usr/initramfs_list
  CPIO    usr/initramfs_data.cpio
  GZIP    usr/initramfs_data.cpio.gz

The error message :

Code: Select all

Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel

but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

Im out of ideas ...

[polovsky]

The error message :

Code: Select all

Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel

but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

Im out of ideas ...

Hi,

In your initramfs image "/bin/sh" is missing.

Bye

[mephist0]

The error message :

Code: Select all

Failed to execute /init
Kernel panic, Not syncing, init not found, try passing a init= option to the kernel

but the init is in the initramfs image and I chmod +x it ...

and the root_key.gpg is also in /etc...

Im out of ideas ...

Hi,

In your initramfs image "/bin/sh" is missing.

Bye

thanks, fixed it ...

but ... new error

[: -eq unkown operand

and it drops me to the minimal shell ...