Full disk encryption - changing main drive
Hello all!
I've got a problem with my Slackware 14 installation. When I installed it for the first time I used a guide available here: ftp://ftp.slackware.pl/pub/slackware...ADME_CRYPT.TXT to enable full disk encryption. I had only one disk in my laptop, which was SDA. Then I added another disk as the primary, and the disk with the Slackware installation is mounted with an eSATAp cable as an external drive, which causes it to be recognized as SDB. Now, when I try to boot Slack it gets to LILO, but it's configured to unlock SDA, which is a different, not encrypted hard drive, so the boot fails.

My question is: what do I need to do to boot from SDB, even though I made the initial configuration to load from SDA?

Best regards,
Chris.
Update /etc/lilo.conf and /etc/crypttab. If you are booting with initrd, run mkinitrd with the correct boot and encrypt drive.
You could try passing luksdev=/dev/sdb<partition number> root=cryptroot from the lilo boot prompt (after setting <partition number> and 'cryptroot' to whatever values you used to create the encrypted root filesystem).

Should that get you up and running(*) you can then recreate the mkinitrd with appropriate -r and -C options for the changed device name and reinstall lilo. Don't forget to also change appropriate settings in lilo.conf to reflect the change.

(*) I'm making some assumptions about what you have actually done as you didn't give any details.

CAUTION!! If you've got any references to /dev/sda partitions still in your /etc/fstab for other partitions on your disk then that could be dangerous to the data on your new sda drive, so you need to be careful here. You might need to boot from the install cd, manually unlock and mount the encrypted root fs and change them in that case.
When you have multiple drives or add or change drives there is no guarantee what /dev/sdx slot it will assign. Instead you can use UUIDs to specify the device, and that will not change even if you rearrange your drives. You can determine the UUIDs of your different devices and partitions using the command blkid. After that, in lilo.conf for example, you would use "root=UUID=<UUID of device>" rather than "root=/dev/sdxy".
Brian
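The check behind the /etc/fstab caution and the blkid advice above, as an added example that is not part of any post in this thread: it lists every /dev/sdXN reference in a config file together with the UUID and type that name resolves to now. The function names and the sample blkid and fstab text are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. All sample data below is constructed.

# Constructed `blkid` output for the thread's layout: the new primary disk is
# sda, the Slackware disk is now sdb. On a real system: BLKID_OUT=$(blkid)
SAMPLE_BLKID='/dev/sda1: UUID="1111-AAAA" TYPE="vfat"
/dev/sdb1: UUID="0a1b2c3d-0000-4000-8000-000000000001" TYPE="ext2"
/dev/sdb2: UUID="0a1b2c3d-0000-4000-8000-000000000002" TYPE="crypto_LUKS"'

# Constructed fstab, written when the Slackware disk was still sda.
SAMPLE_FSTAB='/dev/cryptvg/root /     ext3 defaults 1 1
/dev/sda1         /boot ext2 defaults 1 2
# /dev/sda3 was swap before LVM
/dev/cryptvg/swap swap  swap defaults 0 0'

# Print "UUID TYPE" for one device from blkid-style text; nothing if absent.
blkid_lookup() {  # $1 = blkid text, $2 = device path
  printf '%s\n' "$1" | awk -v dev="$2:" '$1 == dev {
    u = t = "?"
    for (i = 2; i <= NF; i++) {
      if ($i ~ /^UUID=/) { u = $i; gsub(/^UUID=|"/, "", u) }
      if ($i ~ /^TYPE=/) { t = $i; gsub(/^TYPE=|"/, "", t) }
    }
    print u, t
  }'
}

# Report each non-comment line naming a /dev/sdX or /dev/hdX device, with what
# that name resolves to *now*, so a reference to the wrong disk stands out.
audit_config() {  # $1 = blkid text, $2 = config file text
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    case $line in \#*|'') continue ;; esac
    for dev in $(printf '%s\n' "$line" | grep -oE '/dev/[sh]d[a-z]+[0-9]*'); do
      info=$(blkid_lookup "$1" "$dev")
      if [ -n "$info" ]; then
        echo "line $n: $dev now is UUID=${info% *} TYPE=${info#* }"
      else
        echo "line $n: $dev not present in blkid output"
      fi
    done
  done <<EOF
$2
EOF
}

audit_config "$SAMPLE_BLKID" "$SAMPLE_FSTAB"
```

In the sample, /boot still points at /dev/sda1, which now resolves to a vfat partition on the new disk rather than the ext2 partition the line was written for, so the UUID to put in fstab is the one blkid shows for /dev/sdb1.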
Hello,
Thank you for all the responses. Maybe I'll describe the situation more clearly, as I'm still fighting with this issue. I'm using LUKS together with LVM. My partitions were mounted as follows:
Code:
/dev/cryptvg/root /
Code:
cryptsetup luksOpen /dev/sdb2 slackluks
Code:
vgscan --mknodes
Now I assume I have to use mkinitrd with the correct -r and -C parameters, but even if I do:
Code:
chroot /mnt
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
Chris.
Hello again,
I've managed to repair my Slackware 14 installation. For future reference I'll describe the whole process here. So, once again, let's describe the problem: when I installed Slackware 14 x86_64 (with LVM and LUKS) I had only one disk in my machine (sda). Then I added one more disk, and used the Slack HDD as an externally connected hard drive. Because of that the Slack drive received a different label (sdb) than during installation. The bootloader tried to unlock partition /dev/sda2, but this was a partition on a different HDD. The correct one at this time was /dev/sdb2. I needed to make a new initrd.gz, this time unlocking /dev/sdb2.

Solution: during the boot process, because the root filesystem failed to mount, I was dropped to the command line. I was able to unlock the encrypted /dev/sdb2 and mount the LVM volumes available on it. Then I tried to generate a new initrd.gz with:
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
Code:
cryptsetup luksOpen /dev/sdb2 slackluks
Code:
vgscan --mknodes
Code:
mount /dev/cryptvg/root /mnt
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
Code:
lilo
Hope this will help someone. There's still one question in this topic: how to use drive UUIDs instead of device names during ram disk generation? This would solve the issue for the future.

Best regards,
Chris.