LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 04-27-2014, 05:08 PM   #1
chris.j
LQ Newbie
 
Registered: Apr 2014
Posts: 3

Rep: Reputation: Disabled
Full disk encryption - changing main drive


Hello all!

I've got a problem with my Slackware 14 installation. When I installed it for the first time I used a guide available here: ftp://ftp.slackware.pl/pub/slackware...ADME_CRYPT.TXT to enable full disk encryption. I've had only one disk in my laptop, which was SDA. Then I have added another disk as a primaty, and the disk with Slackware installation is mounted with eSATAp cable as an external drive, what causes it to be recognized as SDB. Now, when I'm trying to boot Slack it goes to LILO, but it's configured to unlock SDA, which is different, not encrypted hard drive, so the boot fails. My question is: what to do to boot from SDB, despite I made initial configuration to load from SDA?

Best regards,
Chris.
 
Old 04-27-2014, 05:22 PM   #2
tux_dude
Member
 
Registered: Dec 2008
Distribution: Slackware64 Current
Posts: 226

Rep: Reputation: 33
Update /etc/lilo.conf and /etc/crypttab. If you are booting with initrd, run mkinitrd with the correct boot and encrypt drive.
 
Old 04-28-2014, 05:13 AM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,501

Rep: Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024
You could try passing luksdev=/dev/sdb<partition number> root=cryptroot from the lilo boot prompt.
(after setting <partition number> and 'cryptroot' to whatever values you used to create the encrypted root filesystem.

Should that get you up and running(*) you can then recreate the mkinitrd with appropriate -r and -C options for the changed device name and reinstall lilo. Don't forget to also change appropriate settings in lilo.conf to reflect the change.


(*) I'm making some assumptions about what you have actually done as you didn't give any details.


CAUTION!!
If you've got any references to /dev/sda partitions still in your /etc/fstab for other partitions on your disk then that could be dangerous to the data on your new sda drive, so you need to be careful here. You might need to boot from the install cd, manually unlock and mount the encrypted root fs and change them in that case.

Last edited by GazL; 04-28-2014 at 05:19 AM.
 
Old 04-28-2014, 03:36 PM   #4
BCarey
Senior Member
 
Registered: Oct 2005
Location: New Mexico
Distribution: Slackware
Posts: 1,489

Rep: Reputation: Disabled
When you have multiple drives or add or change drives there is no guarantee what /dev/sdx slot it will assign. Instead you can use UUIDs to specify the device, and that will not change even if you rearrange your drives. You can determine the UUIDs of your different devices and partitions using the command blkid. After that, in lilo.conf for example, you would use "root=UUID=<UUID of device>" rather than "root=/dev/sdxy".

Brian
 
Old 05-01-2014, 06:03 PM   #5
chris.j
LQ Newbie
 
Registered: Apr 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hello,

Thank you for all the responses. Maybe I'll describe the situation more clearly, as I'm still fighting with this issue. I'm using LUKS together with LVM. My partitions were mounted as follows:
Code:
  /dev/cryptvg/root  /
  /dev/cryptvg/home  /home
  /dev/sda1          /boot
This is the configuration, that the system uses right now and I need to change that to use /dev/sdb instead /dev/sda. I've managed to open the LUKS device with
Code:
cryptsetup luksOpen /dev/sdb2 slackluks
Then I've enabled LVM blocks:
Code:
vgscan --mknodes
vgchange -ay
Next, I've mounted /dev/cryptvg/root under /mnt and updated /mnt/etc/lilo.conf and /mnt/etc/fstab to point to /dev/sdb instead of /dev/sda.
Now I assume I have to use mkinitrd with the correct -r and -C parameters, but even if I do:
Code:
chroot /mnt
and then execute:
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
I get error that mkinitrd was not found. Can you point me to the solution?

Chris.

Last edited by chris.j; 05-01-2014 at 06:04 PM.
 
Old 05-03-2014, 04:23 AM   #6
chris.j
LQ Newbie
 
Registered: Apr 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hello again,

I've managed to repair my Slackware 14 installation. For future references I'll descript whole process here.

So, once again, let's describe the problem: when I installed Slackware 14 x86_64 (with LVM and LUKS) I had only one disk in my machine (sda). Then I added one disk more, and used Slack HDD as an externally connected hard drive. Because of that Slack drive received different label (sdb) than during installation. Bootloader tried to unlock partition /dev/sda2, but this was a partition on a different HDD. The correct one at this time was /dev/sdb2. I needed to make new initrd.gz, this time unlocking /dev/sdb2.

Solution: during boot process, because the root filesystem failed to mount, I have been dropped to command line. I was able to unlock encrypted /dev/sdb2 and mount LVM volumes available on it. Then I've tried to generate new initrd.gz with:
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
but this command only made it worse - because I didn't have all necessary partitions mounted during execution of above command I generated a ram disk which wasn't able to boot at all. I received "Kernel panic" message at boot and I was stuck without even access to console. So, I booted up the box with Slackware 14 x86_64 DVD disc and executed:
Code:
cryptsetup luksOpen /dev/sdb2 slackluks
Next, I've enabled LVM volumes with:
Code:
vgscan --mknodes
vgchange -ay
Then I've mounted all the drives:
Code:
mount /dev/crytpvg/root /mnt
mount /dev/sdb1 /boot
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev
chroot /mnt
In the end I've generated new ram disk as previously:
Code:
mkinitrd -c -k 3.2.29 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdb2 -L
As the last step I've executed command:
Code:
lilo
Please note that this command will return some warrnings. That's normal. The most important is that you shouldn't receive any "Fatal" errors. If you get one, the boot process will most probably fail.

Hope this will help someone.

There's still one question in this topic: how to use drive UUID's instead of device names during ram disk generation? This would solve the issue for future.

Best regards,
Chris.

Last edited by chris.j; 05-03-2014 at 04:25 AM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passwordless Full Disk Encryption?? jimbo1954 Linux - Security 2 09-01-2013 06:33 PM
disk full, encryption dawee Ubuntu 2 07-03-2012 03:46 AM
Can full disk encryption be removed? Amdx2_x64 Linux - Security 4 11-15-2010 01:11 AM
Full disk encryption ourskool Linux - Security 1 01-23-2008 12:52 PM
Remote full disk encryption anonymous-coward Linux - Software 3 09-01-2007 07:25 AM


All times are GMT -5. The time now is 05:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration