LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-18-2005, 07:40 PM   #1
sonicbuddha
LQ Newbie
 
Registered: Dec 2005
Posts: 16

Rep: Reputation: 0
Hacking the initrd for encrypted partitions


I am trying to set up my laptop to have encrypted root and swap partitions. What I would like to do is have the boot process pause and prompt for the passphrase to unlock the swap and root partitions before attempting to mount. Although this sounds complicated, the majority of it isn't. Using cryptsetup with luks it is easy to encrypt a partition and establish a passphrase that unlocks the partition and thus creates a virtual device in /dev/mapper. Then I use mkinitrd to create a basic initrd with all the kernel modules required for this setup to work in the boot process. The problem lies in hacking the initrd. Fedora has moved to using nash as its boot "almost shell", which has some very useful built in commands, such as switchroot. But it will not stop for a prompt and blows right past cryptsetup when it asks for a passphrase. I've attempted to work around it by adding busybox and its built in shell msh (or ash, if you compile it yourself with that option) and wrote a small script to call cryptsetup, but, even then the initrd does not stop for user input. I've reversed it and wrote an init that is a msh script that, towards its end, calls a nash script to run switchroot, but, because it is not init and thus does not have a pid of 1, it fails to mount root and launch init, although everything else works, including the prompt. I am trying to avoid using pivot_root or klibc's run_init as that I'd like to stay as close to a standard Fedora boot process as possible. I have seen reference to other people who have managed to get this to work for them, but I have not received a reply to my emails. Can anyone make a suggestion?
 
Old 12-20-2005, 04:09 AM   #2
jrbush82
Member
 
Registered: Mar 2002
Location: Hampton, VA
Posts: 86

Rep: Reputation: 15
Quick search in google yielded the following site, hope it helps: http://marc.waeckerlin.org/linux/crypt.php.en
 
Old 12-20-2005, 08:23 PM   #3
sonicbuddha
LQ Newbie
 
Registered: Dec 2005
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks for the reply, although this isn't exactly what I am looking for. This link is to a page to encrypt partitions using gpg and loop devices on Suse. It also doesn't speak to encrypting the root partition using luks, Fedora, or nash and how to get it allow scripts to pause for user input.

Still, google. Use it, live it, love it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hacking Exposed Wireless Hacking Chapter prompt Linux - Wireless Networking 0 05-08-2004 02:44 PM
HAcking adam_h General 11 09-25-2003 03:40 PM
hacking moeminhtun General 1 01-09-2003 04:39 AM
Hacking... TimDimman Linux - Newbie 5 02-12-2002 03:11 PM
in how many was hacking is done ashis Linux - Security 5 06-15-2001 05:31 AM


All times are GMT -5. The time now is 11:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration