I have successfully done everything that is required to create an encrypted file system.
I am following this link:
http://gentoo-wiki.com/SECURITY_Encrypting_Root_Filesystem_with_DM-Crypt
my lilo.conf
# Partition 1: Linux GUI mode
image = /boot/vmlinuz
root = /dev/hdb1
label = linux
append = ""
read-only
# Partition 2: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/hdb1
label = 2.6.12
append = ""
read-only
# Partition 3: Linux
image = /boot/tamu/vmlinuz-slackware-hda1
root = /dev/hda1
label = slackware-hda1
read-only
# Partition 4: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/ram0
#init=/linuxrc
initrd=/boot/myinitrd
label = vector-hdb5
read-only
Partition 4 is my encrypted partition. When I do this
#lilo
I get no error.
When I try to boot into this crypted fs I get a kernel panic saying that no init found.
Please help.
And yes, I forgot: here is the output of
#lilo -v
LILO version 22.5.9, Copyright (C) 1992-1998 Werner Almesberger
Development beyond version 21 Copyright (C) 1999-2004 John Coffman
Released 08-Apr-2004 and compiled at 00:18:50 on May 21 2004.
Warning: LBA32 addressing assumed
Reading boot sector from /dev/hda
Warning: Kernel & BIOS return differing head/sector geometries for device 0x80
Kernel: 38792 cylinders, 16 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Warning: Kernel & BIOS return differing head/sector geometries for device 0x81
Kernel: 16383 cylinders, 255 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Using BITMAP secondary loader
Calling map_insert_data
Warning: The boot sector and map file are on different disks.
Mapping bitmap file /boot/bitmap/boot.bmp -> boot-shine256.bmp
Calling map_insert_file
Boot image: /boot/vmlinuz -> vmlinuz-scsi-2.4.29
Added linux *
Boot image: /boot/vmlinuz-2.6.12
Added 2.6.12
Boot image: /boot/tamu/vmlinuz-slackware-hda1
Added slackware-hda1
Boot image: /boot/vmlinuz-2.6.12
Mapping RAM disk /boot/myinitrd
Added vector-hdb5
Writing boot sector.
/boot/boot.0300 exists - no boot sector backup copy made.
I am using Vector Linux.
... ohh mann!
Well, your root-partition is encrypted, right?
so how should the kernel know how to decrypt it?
you have to use your "initrd" to pass your password/key _before_ the kernel can mount the root-partition...
thank you...
I am reading the link I provided above.
It says to provide a linuxrc script in the initrd image itself. I did exactly that; here is my /linuxrc:
#!/bin/sh
export PATH=/bin:/sbin
# Get cmdline from proc
mount -t proc proc /proc
CMDLINE=`cat /proc/cmdline`
# Create /dev/mapper/control nod for udev systems
sh devmap_mknod.sh
umount /proc
# Mount real root and change to it
sleep 1
cryptsetup -y luksOpen /dev/hdb5 root
while test $? -ne 0; do
cryptsetup -y luksOpen /dev/hdb5 root;
done
# If you use JFS, check the filesystem before mounting to make sure it's clean.
# If it's not clean, mounting will fail.
# fsck.jfs /dev/mapper/root
mount /dev/mapper/root /new
cd /new
mkdir initrd
pivot_root . initrd
# Start init and flush ram device
exec chroot . /bin/sh <<- EOF >/dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF
I have encrypted the hdb5 partition.
Please help, and thanks.
Here is the /linuxrc script that I had added in the initrd.gz:
#!/bin/sh
export PATH=/bin:/sbin
# Get cmdline from proc
mount -t proc proc /proc
CMDLINE=`cat /proc/cmdline`
# Create /dev/mapper/control nod for udev systems
sh devmap_mknod.sh
umount /proc
# Mount real root and change to it
sleep 1
cryptsetup -y luksOpen /dev/hdb5 root
while test $? -ne 0; do
cryptsetup -y luksOpen /dev/hdb5 root;
done
# If you use JFS, check the filesystem before mounting to make sure it's clean.
# If it's not clean, mounting will fail.
# fsck.jfs /dev/mapper/root
mount /dev/mapper/root /new
cd /new
mkdir initrd
pivot_root . initrd
# Start init and flush ram device
exec chroot . /bin/sh <<- EOF >/dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF
Please comment and help me out.
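Added example, not from any post in this thread: a 2.6 kernel panics with "No init found" when neither the init= program nor any of /sbin/init, /etc/init, /bin/init, /bin/sh can be started from the root it mounted, which with root=/dev/ram0 is the initrd itself. The script below checks an unpacked initrd tree for those paths and for what the /linuxrc posted above calls; the function names and the assumption that devmap_mknod.sh sits at the top of the initrd are mine.

```shell
#!/bin/sh
# Added example: preflight check of an unpacked initrd tree (not from the thread).

# Paths a 2.6 kernel tries, in order, after any init= program fails.
KERNEL_INIT_PATHS="/sbin/init /etc/init /bin/init /bin/sh"
# Commands the posted /linuxrc runs inside the initrd (its PATH is /bin:/sbin).
LINUXRC_TOOLS="sh mount umount cat sleep cryptsetup mkdir pivot_root chroot"

# True for an executable regular file, or a symlink (e.g. a busybox applet).
present() { [ -L "$1" ] || { [ -f "$1" ] && [ -x "$1" ]; }; }

# find_init TREE [INIT]: print the first program the kernel could start.
find_init() {
    tree=$1
    for p in ${2:+"$2"} $KERNEL_INIT_PATHS; do
        if present "$tree$p"; then echo "$p"; return 0; fi
    done
    return 1
}

# missing_items TREE: one line per thing the posted /linuxrc needs but TREE lacks.
missing_items() {
    tree=$1
    for t in $LINUXRC_TOOLS; do
        present "$tree/bin/$t" || present "$tree/sbin/$t" || echo "tool:$t"
    done
    # Assumption: linuxrc runs with / as cwd, so the helper sits at the top level.
    [ -f "$tree/devmap_mknod.sh" ] || echo "file:/devmap_mknod.sh"
    for d in /proc /new /dev; do
        [ -d "$tree$d" ] || echo "dir:$d"
    done
}

# Usage: sh check_initrd.sh /path/to/unpacked/initrd [init-from-cmdline]
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    find_init "$1" "${2:-}" >/dev/null || echo "kernel would panic: No init found"
    missing_items "$1"
fi
```

A dynamically linked /bin/sh or cryptsetup also needs its shared libraries inside the tree; this check does not cover that.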
I might be wrong, but I don't think it's necessary to manually create the initrd anymore as is done in that guide you are using, because mkinitrd has been updated. I have successfully set up an encrypted root using a guide that came with the cryptsetup package (in Ubuntu at least):
/usr/share/doc/cryptsetup/CryptoRoot.HowTo
Please post it.
Can you please post this readme or tell me a location?
Here you go:
--------------------------------------------------------------------
To setup cryptoroot you will need several things:
- an existing /boot partition
- a boot loader pointing at /boot (i recommend grub)
- a standard debian kernel
- an encrypted partition for the root filesystem
- a /etc/crypttab describing the root filesystem
- a /etc/fstab referring to the encrypted device mapper name
Step by step:
# Enter run-level 1
init 1
# Install a standard debian kernel (>= 2.6.4) and the initrd-tools packages
# Replace 386 with whatever architecture you have (such as k8)
apt-get install initrd-tools kernel-image-2.6.8-1-386
# Edit /etc/crypttab and add the following line
# Replace /dev/hda4 with your backing device (lvm is ok, as is raid)
root /dev/hda4
# Start the encrypted root filesystem
/etc/init.d/cryptdisks start
# Enter a password for the filesystem when prompted
my_boot_password
# Now, setup a filesystem (/dev/mapper/root is always the encrypted disk)
mkfs.ext3 /dev/mapper/root
# Mount the device for initialization
mount /dev/mapper/root /mnt
# Copy your root filesystem into place
cp -axv / /mnt
# Edit the new root's /mnt/etc/fstab to add the line
/dev/mapper/root / ext3 defaults 0 1
# Remove whatever the old root filesystem line was
# Enter the new root filesystem
chroot /mnt /bin/bash
# Mount your core filesystems (/usr, /var, etc)
mount sysfs /sys -t sysfs
mount proc /proc -t proc
mount /dev/??? /boot
# Setup the initrd (change 386 to the correct value)
mkinitrd -o /boot/initrd.img-2.6.7-1-386
# Configure your boot loader to use /dev/mapper/root for the root filesystem
# If you are using grub, you can test boot without changing your old setup
# Re-run your boot-loader setup program if needed (lilo)
# Reboot!
# If all works out, you will be prompted for a password at boot-up
# You can now add entries in /etc/crypttab for other partitions.
# Note that since /etc/keys is encrypted, it is ok to keep keys for the other
# partitions in this directory. This is _NOT_ ok for unencrypted root.
-------------------------------------------------------------------
And here's another guide for Ubuntu:
http://www.ubuntuforums.org/showthread.php?t=120091
Thanks.
Thanks, but can you please amplify on these lines:
---># Replace /dev/hda4 with your backing device (lvm is ok, as is raid)
root /dev/hda4
# Edit the new root's /mnt/etc/fstab to add the line
/dev/mapper/root / ext3 defaults 0 1
----># Remove whatever the old root filesystem line was
I just hope this succeeds on Vector Linux, an outcome of Slackware.
If you have any idea about how to do this on Slackware, please post it.
What if there is no crypttab file?
Guess.
Do I make one?
Even if I make one, does cryptsetup look for this file?