hello all,
I want to encrypt a partition and boot from the encrypted partition, but at boot time the system should not prompt for a password but should read it from a pre-specified file.
The man page of losetup states that the option
#losetup -p num (where num is the number corresponding to the file descriptor in which the passphrase is stored)
makes the system read from the specified file.
That sounds weird! Are you sure you can encrypt a partition you want to boot from (a root partition, that is)? Somehow you have to access it to be able to boot the kernel first, which I presume then decrypts the filesystem. But when that last one is encrypted, the kernel can't be loaded. Or am I completely wrong? Why don't you encrypt a fake /home partition on a test system first? Then, when it works, you can encrypt your real /home partition. I don't see the point of encrypting the root partition, there should be nothing relevant on it. Except you are trying to do something very particular.
hansalfredche: this is surely similar to the problem of "how do I boot from a root disk before I've loaded the FS module for that disk?". The answer is to boot from a RAM-disk containing the necessary modules to enable the real disk to be read. It ought to be possible to similarly losetup the real device from a RAM disk before continuing to boot from it... (maybe!)
Well, that's what I was thinking. Some part of the OS must be started from an unencrypted partition that is aware that the encrypted partition exists and knows how to decrypt it.
While I will probably not be able to help, I don't see in the original question where raklo wants to read the password from (USB Stick/Floppy presumably). The "RAM disk" is probably on an (unencrypted) partition on the HD, right?
The "RAM disk" is probably on an (unencrypted) partition on the HD, right?
True. We don't know where raklo is getting the password information, but a cleartext file is not ideal. In the HOWTO you linked, it appears to prompt for the password at boot time, which would be more satisfactory.
Thanks all for the response,
I think there is some confusion regarding what I want to do, let me make it clear.
I have the root filesystem loaded onto a partition, which is encrypted. I want to boot into that filesystem.
For which I have changed initrd, so that it can, at runtime, mount the encrypted partition as /.
Now I have used the losetup command in nash (inside initrd)
but it somehow doesn't support redirection, i.e. it does not support
#losetup -e aes-128 -p 5 /dev/loop2 /dev/hdc3 5</root/a
I am using -p because I don't want the system to prompt for the password at the time of booting.
Also, as one of you said, I tried -p 0 (0, 1 and 2 for stdin, stdout, stderr), but none of them seem to work.
The above command works perfectly when I tested it on a booted system, but shows some problem with a booting system,
so if I have stored the password in file /root/a, is there any way to get the file descriptor corresponding to /root/a?
Well, if /root/a is in your encrypted root directory there is no way of accessing that file as long as the system can't access the encrypted partition (and it needs the password for this). But probably I'm missing something ...
Are you sure leaving a (cleartext, if I understand Nick_Battle correctly) password on your hard disk is a good idea? Somehow I don't see how this is any more secure, if the password is on the system itself. It has to be on an unencrypted partition, so any halfway intelligent attacker could access it.
I am successful in booting into the encrypted file system.
Everything is fine and I can log in as usual, but my main aim is to
do that same thing with a compact flash, and when I am doing EXACTLY the same thing with the flash, the system hangs at
Freeing unused kernel memory 334 Kb
I've used the same KERNEL IMAGE, INITRD IMAGE, ROOT FILESYSTEM (FROM BUILDROOT) AND ALSO verified the grub.conf.
Though everything is the same, there seems to be some problem as the system hangs with the flash.
Can anyone tell what the problem can be?
regards
There is no problem with menu.lst.
I've come to know the source of the problem.
As I said, I edited initrd.img, in which in the init script I've used a command
that uses redirection ('<'), and nash does not support redirection, so I used
ash instead of nash in the initrd.img.
Now this scenario works perfectly fine with the hard disk, but when I do it with the flash, it does not work.
And when I replace ash with nash it works on the flash (but hangs at the command which uses redirection).
Thus it's sure that the kernel is not able to execute any shell other than nash.
The possible solution is
1) either to give redirection support to nash
2) to make the kernel accept another shell (bash, ash, ksh, etc.)
I don't know much about nash, but if it doesn't do "<" redirection, perhaps it will do pipelines? So you could say "cat file | losetup -p0" instead of "losetup -p0 <file".
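The two ways of handing a passphrase over a file descriptor that this thread discusses (`5</root/a` versus a pipeline into descriptor 0), as an added example that is not part of any post. `read_pass_fd` is a hypothetical stand-in for `losetup -p N` so the script runs without root or a loop device; the key file is constructed, and the permission check assumes GNU `stat`.

```shell
#!/bin/sh
# Added illustration: read_pass_fd is a hypothetical stand-in for
# "losetup -p N"; it reads one line (the passphrase) from descriptor N.
read_pass_fd() {
    fd=$1
    pass=
    # <&N makes the already-open descriptor N the source for read.
    IFS= read -r pass <&"$fd" || [ -n "$pass" ] || return 1
    printf '%s' "$pass"
}

# Same shape as: losetup -p 5 ... 5</root/a
# The calling shell must open the file on descriptor 5 itself.
via_redirect() { read_pass_fd 5 5<"$1"; }

# Same shape as: cat file | losetup -p0 ...
# The pipe becomes descriptor 0 of the reader; no "<" is needed.
via_pipe() { cat "$1" | read_pass_fd 0; }

# Refuse a key file that group or others can read (GNU stat assumed).
keyfile_is_private() {
    mode=$(stat -c %a "$1") || return 1
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on a constructed key file in a temporary directory.
demo_dir=$(mktemp -d)
demo_key=$demo_dir/a
printf 'constructed-passphrase\n' > "$demo_key"
chmod 600 "$demo_key"
if keyfile_is_private "$demo_key"; then
    echo "redirect: $(via_redirect "$demo_key")"
    echo "pipe:     $(via_pipe "$demo_key")"
fi
rm -rf "$demo_dir"
```

In both forms it is the invoking shell, not the reading program, that sets up the descriptor, which is why the choice of shell inside the initrd decides whether the command works.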