LinuxQuestions.org
05-16-2011, 09:26 PM   #1
dman777
Member

Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Initramfs with decrypting a luks root partition questions


I created a fresh Gentoo install. I am creating the initramfs because I made my root partition an encrypted LUKS partition. I did the usual and placed busybox on the initramfs so far. I have two questions:

1) Doesn't there need to be a /dev/mapper in the initramfs so when the root partition is unlocked it has a /dev/mapper/file name?
2) When the exec_switch is performed, how is the /dev/mapper/file name going to transfer over?

and

3) How do I get the initramfs to take the key from a USB key device given from the GRUB command line?

Still having trouble though getting the initramfs.

1) I built the initramfs into the kernel...using /usr/src/initramfs. I did not choose any compression for it.
2) I created:
Code:
mkdir /usr/src/initramfs
cd /usr/src/initramfs
mkdir /usr/src/initramfs/bin
mkdir /usr/src/initramfs/lib
mkdir /usr/src/initramfs/dev
mkdir /usr/src/initramfs/etc
mkdir -p /usr/src/initramfs/mnt/root
mkdir /usr/src/initramfs/proc
mkdir /usr/src/initramfs/root
mkdir /usr/src/initramfs/sbin
mkdir /usr/src/initramfs/sys
2) I used the cryptsetup binary from the live DVD for the initramfs. For the busybox, I compiled it statically on my chroot system and copied over that binary to the initramfs.

3) I copied my LUKS key into /usr/src/initramfs/key

4) my init script is:
Code:
#!/bin/busybox sh

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev

cryptsetup -d /key luksOpen /dev/sda5 root

mount -o ro /dev/mapper/root /mnt/root || rescue_shell

umount /proc
umount /sys
umount /dev


exec switch_root /mnt/root /sbin/init

rescue_shell() {
        echo "Something went wrong. Dropping you to a shell."
                busybox --install -s
        exec /bin/sh
}
but upon boot up I get:
http://img.photobucket.com/albums/v6...517_100756.jpg

I spent so many hours... if you could help, please, I'd really appreciate it.

Note: I tried this kernel on a non-encrypted partition on the same laptop (just copied the partition) and it booted successfully (with no initramfs).
PaX and Grsecurity are turned off.

Last edited by unSpawn; 05-17-2011 at 05:12 PM. Reason: //Merge posts to retain 0-reply
 
05-17-2011, 07:51 PM   #2
dman777
Member

Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Original Poster
UPDATE:

This time I built the initramfs outside the kernel and loaded it externally with GRUB. I got a more verbose error output. I also updated the script to place marks where the init script may be at:

Code:
Gentoo-11 initramfs # cat init
#!/bin/busybox sh
echo "go this far"
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev

echo "crypt"
crypsetup -d /tyler2.jpg luksOpen /dev/sda5 root
echo "root unlocked"

mount -o ro /dev/mapper/root /mnt/root || rescue_shell
echo "mounted"

umount /dev
umount /sys
umount /proc

echo "about to do switch"
exec switch_root /mnt/root /sbin/init
echo "done"

rescue_shell() {
echo "bad"
busybox --install -s
exec /bin/sh
}
Here is a picture of the errors I get upon boot up:
http://img.photobucket.com/albums/v6...7_191224-1.jpg

Please note that on that screenshot it says "about to do switch" on the very top, so I got that far in the script.

It looks like the syntax could be correct with "exec switch_root /mnt/root /sbin/init", but in the screenshot it seems to be complaining about the new root. Can this be a problem with devtmpfs? Or is the switch_root util messed up because of the call traces?
 
05-18-2011, 09:24 AM   #3
dman777
Member

Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Original Poster
Found the problem... I misspelled the word cryptsetup.
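
The misspelled `crypsetup` in post #2 only surfaced at boot, after the script had carried on past the failed unlock. A check like the following, run against the staging directory before the image is built, reports command names in `init` that resolve to nothing inside the initramfs. This is an added example, not code from the thread; the function names, the applet-list argument and the sample tree are assumptions.

```shell
# Added example: list commands in ROOT/init that exist nowhere in the initramfs.
# Naive tokenizer: assumes no ';', '|', '&' or '#' inside quoted strings.
BUILTINS="echo exec exit cd set export read test [ { }"   # handled by the shell

# unresolved_commands ROOT APPLETS
#   ROOT:    initramfs staging directory (the post uses /usr/src/initramfs)
#   APPLETS: space-separated applet names, e.g. from `busybox --list`
unresolved_commands() {
    root=$1 applets=$2
    # Functions defined anywhere in the script are resolvable names.
    funcs=$(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)().*/\1/p' "$root/init" | tr '\n' ' ')
    known=" $BUILTINS $applets $funcs "
    # Strip comments, then put each command of a list (a || b) on its own line.
    sed 's/#.*//' "$root/init" | tr ';|&' '\n\n\n' |
    while read -r word rest; do
        [ "$word" = exec ] && word=${rest%% *}      # check what exec runs
        case $word in ''|*'()'*) continue ;; esac    # blank line or definition
        case $known in *" $word "*) continue ;; esac
        case $word in                                # absolute path vs bare name
            /*) set -- "$root$word" ;;
            *)  set -- "$root/bin/$word" "$root/sbin/$word" ;;
        esac
        for candidate in "$@"; do
            [ -f "$candidate" ] && [ -x "$candidate" ] && continue 2
        done
        echo "$word"
    done | sort -u
}

# Constructed sample tree; where the binaries live is an assumption.
make_sample() {   # make_sample ROOT OPEN_COMMAND
    mkdir -p "$1/bin" "$1/sbin"
    : > "$1/bin/busybox"
    : > "$1/sbin/cryptsetup"
    chmod +x "$1/bin/busybox" "$1/sbin/cryptsetup"
    ln -sf busybox "$1/bin/sh"
    cat > "$1/init" <<EOF
#!/bin/busybox sh
rescue_shell() {
    busybox --install -s
    exec /bin/sh
}
mount -t devtmpfs none /dev
$2 -d /key luksOpen /dev/sda5 root
mount -o ro /dev/mapper/root /mnt/root || rescue_shell
exec switch_root /mnt/root /sbin/init
EOF
}
```

Against a real staging tree the call would be `unresolved_commands /usr/src/initramfs "$(busybox --list | tr '\n' ' ')"`; any name it prints is one the init script will fail to run at boot.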
 
05-18-2011, 09:58 AM   #4
win32sux
Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Moved to Software, as it isn't a security issue (at least not directly).
 
  

