LinuxQuestions.org
Old 01-11-2007, 11:09 PM   #1
raklo
Member
 
Registered: Apr 2006
Posts: 143

Rep: Reputation: 15
losetup problems during encryption!!!


Hello all,
I want to encrypt a partition and boot from the encrypted partition, but at boot time the system should not prompt for a password but should read it from a pre-specified file.

The man page of losetup states that the option
# losetup -p num (where num is the number corresponding to the file descriptor in which the passphrase is stored)
makes the system read from the specified file.

But how do I get the file descriptor of a file?

ANY INPUT IS APPRECIATED
 
Old 01-22-2007, 08:43 AM   #2
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
I've never tried this, but does the following work:

losetup -p0 [other options] <file

i.e. use file descriptor zero, which is standard input, and then redirect the file to the process's stdin. Just a guess.

HTH,
nick
 
Old 01-22-2007, 10:01 AM   #3
hansalfredche
Member
 
Registered: Jun 2005
Posts: 445

Rep: Reputation: 31
That sounds weird! Are you sure you can encrypt a partition you want to boot from (a root partition, that is)? Somehow you have to access it to be able to boot the kernel first, which I presume then decrypts the filesystem. But when that last one is encrypted, the kernel can't be loaded. Or am I completely wrong? Why don't you encrypt a fake /home partition on a test system first? Then, when it works, you can encrypt your real /home partition. I don't see the point of encrypting the root partition, there should be nothing relevant on it. Except you are trying to do something very particular.

Have you read this:
http://tldp.org/HOWTO/Encrypted-Root-Filesystem-HOWTO/

Last edited by hansalfredche; 01-22-2007 at 10:04 AM.
 
Old 01-22-2007, 11:57 AM   #4
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
hansalfredche: this is surely similar to the problem of "how do I boot from a root disk before I've loaded the FS module for that disk?". The answer is to boot from a RAM-disk containing the necessary modules to enable the real disk to be read. It ought to be possible to similarly losetup the real device from a RAM disk before continuing to boot from it... (maybe!)
 
Old 01-22-2007, 03:07 PM   #5
hansalfredche
Member
 
Registered: Jun 2005
Posts: 445

Rep: Reputation: 31
Well, that's what I was thinking. Some part of the OS must be started from an unencrypted partition that is aware that the encrypted partition exists and knows how to decrypt it.

While I will probably not be able to help, I don't see in the original question where raklo wants to read the password from (USB Stick/Floppy presumably). The "RAM disk" is probably on an (unencrypted) partition on the HD, right?
 
Old 01-23-2007, 04:17 AM   #6
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
Quote:
Originally Posted by hansalfredche
The "RAM disk" is probably on an (unencrypted) partition on the HD, right?
True. We don't know where raklo is getting the password information, but a cleartext file is not ideal. In the HOWTO you linked, it appears to prompt for the password at boot time, which would be more satisfactory.

Cheers,
-nick
 
Old 01-23-2007, 08:38 AM   #7
raklo
Member
 
Registered: Apr 2006
Posts: 143

Original Poster
Rep: Reputation: 15
Thanks all for the responses.
I think there is some confusion regarding what I want to do, so let me make it clear.

I have the root filesystem loaded onto a partition, which is encrypted. I want to boot into that filesystem,
for which I have changed the initrd so that it can, at runtime, mount the encrypted partition as /.
Now I have used the losetup command in nash (inside the initrd),
but it somehow doesn't support redirection, i.e. it does not support
# losetup -e aes-128 -p 5 /dev/loop2 /dev/hdc3 5</root/a

I am using -p because I don't want the system to prompt for the password at boot time.

Also, as one of you said, I tried -p 0 (0, 1 and 2 for stdin, stdout, stderr), but none of them seem to work.

The above command works perfectly when I tested it on a booted system, but shows some problem with a booting system.

So if I have stored the password in the file /root/a, is there any way to get the file descriptor corresponding to /root/a?

Any input is appreciated.
 
Old 01-23-2007, 10:26 AM   #8
hansalfredche
Member
 
Registered: Jun 2005
Posts: 445

Rep: Reputation: 31
Well, if /root/a is in your encrypted root directory there is no way of accessing that file as long as the system can't access the encrypted partition (and it needs the password for this). But probably I'm missing something ...

Are you sure leaving a (cleartext, if I understand Nick_Battle correctly) password on your hard disk is a good idea? Somehow I don't see how this is any more secure, if the password is on the system itself. It has to be on an unencrypted partition, so any halfway intelligent attacker could access it.
 
Old 01-23-2007, 10:53 PM   #9
raklo
Member
 
Registered: Apr 2006
Posts: 143

Original Poster
Rep: Reputation: 15
Yes, exactly, I don't mind if I keep /root/a on the root, as long as the system doesn't prompt for the password at root time.
 
Old 01-24-2007, 02:46 AM   #10
hansalfredche
Member
 
Registered: Jun 2005
Posts: 445

Rep: Reputation: 31
So your password is located/saved ON the encrypted partition? Is this correct?
 
Old 01-24-2007, 03:30 AM   #11
raklo
Member
 
Registered: Apr 2006
Posts: 143

Original Poster
Rep: Reputation: 15
No, I have edited the initrd image, and my password file is saved in the initrd image, which is on a partition that is not encrypted.
 
Old 01-26-2007, 11:50 PM   #12
raklo
Member
 
Registered: Apr 2006
Posts: 143

Original Poster
Rep: Reputation: 15
I am successful in booting into the encrypted filesystem.
Everything is fine and I can log in as usual, but my main aim is to
do the same thing with a compact flash, and when I do EXACTLY the same thing with the flash, the system hangs at

Freeing unused kernel memory 334 Kb

I've used the same KERNEL IMAGE, INITRD IMAGE, ROOT FILESYSTEM (FROM BUILDROOT) and also verified the grub.conf.

Though everything is the same, there seems to be some problem, as the system hangs with the flash.

Can anyone tell what the problem can be?
Regards
 
Old 01-27-2007, 03:45 AM   #13
hansalfredche
Member
 
Registered: Jun 2005
Posts: 445

Rep: Reputation: 31
Could it be the menu.lst file that is not configured correctly? It really sounds like your system is trying to boot from the wrong disc/partition.
 
Old 01-27-2007, 05:24 AM   #14
raklo
Member
 
Registered: Apr 2006
Posts: 143

Original Poster
Rep: Reputation: 15
There is no problem with menu.lst.
I've come to know the source of the problem.
As I said, I edited initrd.img, in which, in the init script, I've used a command
that uses redirection ('<'), and nash does not support redirection, so I used
ash instead of nash in the initrd.img.

Now this scenario works perfectly fine with the hard disk, but when I do it with the flash, it does not work.
And when I replace ash with nash it works on the flash (but hangs at the command which uses redirection).
Thus it's sure that the kernel is not able to execute any shell other than nash.
The possible solutions are
1) either to give redirection support to nash
2) to make the kernel accept another shell (bash, ash, ksh, etc.)

What do you think can be the solution, and HOW?
Regards
 
Old 01-27-2007, 07:21 AM   #15
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
I don't know much about nash, but if it doesn't do "<" redirection, perhaps it will do pipelines? So you could say "cat file | losetup -p0" instead of "losetup -p0 <file".
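
Added example, not part of any post in this thread: a file descriptor number such as the 5 in "-p 5" is not looked up from a file name; the calling shell opens the file on that number (5<file) or feeds it to fd 0 through a pipe, and the program then reads the already-open descriptor. The function read_pass_fd is a hypothetical stand-in for a program taking "-p N" (it is not losetup), and the key file is a constructed temporary file standing in for /root/a.

```shell
#!/bin/sh
# Hypothetical stand-in for a "-p N" consumer: read one line from the
# already-open descriptor N and print it. It never opens a file by name.
read_pass_fd() {
    fd=$1
    # If the caller did not open the descriptor, fail instead of hanging.
    if ! ( : <&"$fd" ) 2>/dev/null; then
        echo "fd $fd is not open" >&2
        return 1
    fi
    # Accept a final line without a trailing newline as well.
    IFS= read -r pass <&"$fd" || [ -n "$pass" ] || return 1
    printf '%s' "$pass"
}

# Form used in post #7: "cmd -p 5 ... 5</root/a".
# The shell opens the file on fd 5 for this one command only.
demo_redirect() {
    read_pass_fd 5 5<"$1"
}

# Form suggested in post #15: "cat file | cmd -p0".
# The pipe becomes fd 0 (stdin) of the reader; no "<" is needed.
demo_pipe() {
    cat "$1" | read_pass_fd 0
}

# Constructed sample key file (stands in for /root/a inside the initrd).
keyfile=$(mktemp)
printf 'constructed-passphrase\n' >"$keyfile"

echo "via 5<file: $(demo_redirect "$keyfile")"
echo "via pipe:   $(demo_pipe "$keyfile")"

# With fd 7 explicitly closed, a "-p 7" style read has nothing to read from.
read_pass_fd 7 7<&- || echo "fd 7 was never opened by the caller"

rm -f "$keyfile"
```

Both forms depend on the shell that runs the init script: if it implements neither "N<file" nor pipelines, the reader never receives an open descriptor.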
 
  

