LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   slackware64 lvm/luks and mkinitrd for custom kernel (https://www.linuxquestions.org/questions/slackware-14/slackware64-lvm-luks-and-mkinitrd-for-custom-kernel-749951/)

chopp 08-24-2009 03:20 PM
slackware64 lvm/luks and mkinitrd for custom kernel
 
Hello all.
I'm not sure how to proceed from here with making an initrd for my custom kernel. I built ext3 fs support, DM, and also Crypt into 2.6.30.5
Code:
CONFIG_BLK_DEV_DM=y  CONFIG_DM_CRYPT=y    CONFIG_EXT3_FS=Y
I tried to make the initrd with the following:
Code:
mkinitrd -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root/ -C /dev/hda2 -L
My lilo.conf looks like so:
Code:
# Linux bootable partition config begins
image = /boot/vmlinuz-2.6.30.5
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = 2.6.30.5
  read-only

image = /boot/vmlinuz-generic-smp-2.6.29.6-smp
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only
# Linux bootable partition config ends
Booting errors out with a few, this being the first:
Code:
Using /lib/modules/2.6.29.6-smp/kernel/fs/mbcache.ko
mbcache: version magic '2.6.29.6-smp SMP mod_unload 686 ' should be '2.6.30.5 preempt mod_unload PENTIUM 4KSTACKS '
insmod: cannot insert '/lib/modules/2.6.29.6-smp/kernel/fs/mbcache.ko' : Invalid module format
I've also tried making seperate initrd's, with no luck also:
Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz
also the contents of my /boot dir.:
Code:
root@x41:~# ls -l /boot/
total 24986
lrwxrwxrwx  1 root root      37 2009-08-22 19:41 README.initrd -> /usr/doc/mkinitrd-1.3.4/README.initrd
lrwxrwxrwx  1 root root      25 2009-08-24 05:23 System.map -> /boot/System.map-2.6.30.5
-rw-r--r--  1 root root  925305 2009-08-24 05:22 System.map-2.6.30.5
-rw-r--r--  1 root root  993960 2009-08-17 00:18 System.map-generic-2.6.29.6
-rw-r--r--  1 root root 1021936 2009-08-16 23:20 System.map-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root 1463026 2009-08-17 00:32 System.map-huge-2.6.29.6
-rw-r--r--  1 root root 1495429 2009-08-16 23:53 System.map-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root    512 2009-08-22 20:00 boot.0800
-rw-r--r--  1 root root    168 2009-08-22 20:00 boot_message.txt
lrwxrwxrwx  1 root root      28 2009-08-22 19:41 config -> config-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root  96042 2009-08-17 00:18 config-generic-2.6.29.6
-rw-r--r--  1 root root  96218 2009-08-16 23:20 config-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root  96158 2009-08-17 00:32 config-huge-2.6.29.6
-rw-r--r--  1 root root  96246 2009-08-16 23:53 config-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root    5040 2008-11-29 11:43 diag1.img
drwxr-xr-x 11 root root    1024 2009-08-23 20:12 initrd-tree/
-rw-r--r--  1 root root 2258481 2009-08-24 05:26 initrd.gz
drwx------  2 root root  12288 2009-08-22 19:38 lost+found/
-rw-------  1 root root  123392 2009-08-24 05:29 map
-rw-r--r--  1 root root  15754 2008-02-21 17:08 slack.bmp
lrwxrwxrwx  1 root root      29 2009-08-22 19:41 vmlinuz -> vmlinuz-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root 2166624 2009-08-24 05:24 vmlinuz-2.6.30.5
-rw-r--r--  1 root root 2386000 2009-08-17 00:18 vmlinuz-generic-2.6.29.6
-rw-r--r--  1 root root 2495952 2009-08-16 23:20 vmlinuz-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root 4768048 2009-08-17 00:32 vmlinuz-huge-2.6.29.6
-rw-r--r--  1 root root 4940304 2009-08-16 23:53 vmlinuz-huge-smp-2.6.29.6-smp
Where exactly am I going wrong here?

Thanks,
chopp

rob.rice 08-24-2009 03:27 PM
If your making a custom kernel you don't need an initrd file
just build the mobo HDD vedio controllers drivers the file system support executable format keyboard mouse
in to the kernel
a quick way to get a basic configuration is to do "make i386_defconfig"or for a 64bit kernel "make x86_64_defconfig"
you will still need to run "make menuconfig" to add file systems usb modules
and turn off kernel debugging
you might want to move every thing not needed to boot up out to modules like sound card and alsa modules

chopp 08-24-2009 03:40 PM
I've tried that also, which results in kernel panic. I've been using slack quite a few years, and this is my first experience with initrd's.
Before going with lvm/luks on this laptop, I would always build a custom kernel right after install.

I was under the impression that an initrd was required to unlock the luks prior to booting the kernel?

Code:
Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,1)

gegechris99 08-24-2009 03:49 PM
I'm not sure what is your plan but did you read the README_CRYPT.TXT and especially the last section "Combining LUKS and LVM"?

Also, if you want to use an initrd file for both of your lilo entries, they should definitely have different names and the "initrd" line in lilo.conf should reflect that (which is not the case in your lilo.conf example)

rob.rice 08-24-2009 03:52 PM
Quote:
Originally Posted by chopp (Post 3655981)
I've tried that also, which results in kernel panic. I've been using slack quite a few years, and this is my first experience with initrd's.
Before going with lvm/luks on this laptop, I would always build a custom kernel right after install.

I was under the impression that an initrd was required to unlock the luks prior to booting the kernel?

Code:
Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,1)
why encrypt the whole root file system that's like running a foot race up wind with an open parachute on
all you would really need to encrypt would be is /home/username at the most and /home/username/data-to-protect at the least
check your /etc/mtab file for where the root file system is mounted and how it's mounted

chopp 08-24-2009 04:04 PM
I just followed README_CRYPT.TXT Combining LUKS and LVM

If encrypting just /home is a better plan, hey I'm all for it. As it stands with / also encrypted, it seems to work great. I'm not sure where the uphill with a parachute comes in. :-)

Code:
root@x41:/etc# cat /etc/mtab
/dev/cryptvg/root / ext3 rw,errors=continue,data=ordered 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/mapper/cryptvg-home /home ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0

titopoquito 08-24-2009 04:13 PM
Quote:
Originally Posted by rob.rice (Post 3655994)
why encrypt the whole root file system that's like running a foot race up wind with an open parachute on
all you would really need to encrypt would be is /home/username at the most and /home/username/data-to-protect at the least
check your /etc/mtab file for where the root file system is mounted and how it's mounted
[LITTLE BIT OFFTOPIC THOUGHTS]
One reason for encrypting root, or at least my reason: If you have sensible data on your computer, say a laptop, you get some stuff outside of /home: root user's bash history giving an indication what files you have opened, eventually some stuff in /tmp and eventually also in /var/spool/cups. If you try to give your documents meaningful names, sometimes that's enough info to hide it, let's say a client's name etc.

That is way too much paranoia for most people, but for some it may be needed. If a harddisk of mine is damaged I couldn't claim for warranty if it wasn't encrypted. Totally encrypted, even the file names, I don't have to care which technician gets his hands on the harddrive, they won't get any data that I'm by law obliged to keep confidential.

One other reason might be to mount several partitions with a keyfile that is saved on the root partition. That way you only have to input a keyphrase once and not for every single encrypted partition.
[/LITTLE BIT OFFTOPIC THOUGHTS]

BCarey 08-24-2009 04:14 PM
One problem is that you build ext3 into your kernel, which means there is no module to add to your initrd.

I would say encrypting your whole disk is more like running into the wind with an open napkin. Sure you are providing a slight amount of extra drag, but then you get to wipe your forhead, too.

Also, depending on your uses, you may find that you need to encrypt more than just /home, ie. database info, log info, etc., which may not be in /home. I find LVM on an encrypted partition to provide maximum simplicity and flexibility, and I sure did not notice a speed decrease with encrypted root disks.

Brian

chopp 08-24-2009 04:23 PM
BCarey,
so I have to use an initrd or no? I have decided to stick with both /, and /home encrypted. Without an initrd I got the kernel panic, and I had just removed the initrd = from lilo, and no luck there.

Thanks everyone for the help thus far.

chopp 08-24-2009 04:56 PM
well if nothing else, I'm now very confused. The install kernel has ext3 built into it also, and the initrd for it works great.

rob.rice 08-24-2009 04:58 PM
Quote:
Originally Posted by BCarey (Post 3656014)
One problem is that you build ext3 into your kernel, which means there is no module to add to your initrd.


Brian
IF the kernel already has support for ext3 why dose it matter that there is no ext3 module in the initrd file
isn't the point of the initrd file to provide modules
needed to boot the system that are not in the kernel



in slackware it looks like the initrd file is being used as
a way around building custom kernel

BCarey 08-24-2009 06:14 PM
Quote:
Originally Posted by chopp (Post 3656021)
BCarey,
so I have to use an initrd or no? I have decided to stick with both /, and /home encrypted. Without an initrd I got the kernel panic, and I had just removed the initrd = from lilo, and no luck there.

Thanks everyone for the help thus far.
As far as I know you need an initrd if you want this setup. Did you make sure to put /boot on a small, unencrypted partition? Your kernel panic could be due to that.

Brian

BCarey 08-24-2009 06:18 PM
Quote:
Originally Posted by rob.rice (Post 3656055)
IF the kernel already has support for ext3 why dose it matter that there is no ext3 module in the initrd file
isn't the point of the initrd file to provide modules
needed to boot the system that are not in the kernel



in slackware it looks like the initrd file is being used as
a way around building custom kernel
It would just try to insert the module and then let you know that it couldn't because it is not there, similar to the reported error. Probably not fatal. However, the OP seems to have another problem, why is it trying to insert modules from the wrong kernel version?

Brian

chopp 08-24-2009 06:19 PM
yes I have /boot on a separate unencrypted partition.

Code:
root@x41:/etc# cat /etc/mtab
/dev/cryptvg/root / ext3 rw,errors=continue,data=ordered 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/mapper/cryptvg-home /home ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0

BCarey 08-24-2009 06:35 PM
In your lilo.conf you have both kernel versions pointing to the same initrd.gz. This cannot be right.

Brian

BCarey 08-24-2009 06:38 PM
in
Quote:
Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz
it should be "-r /dev/cryptvg/root"

Brian

chopp 08-24-2009 07:03 PM
Well I also tried with a separate initrd with these results:

Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz -L

initrd = /boot/initrd-2.6.30.5.gz

mount: mounting crypt on /mnt failed: No such file or directory
ERROR: No /sbin/init found on rootdev (or not mounted). Trouble ahead.
            You can try to fix it. Type 'exit' when things are done.

chopp 08-24-2009 07:15 PM
I also just tried this without any luck:

Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sda2 -o initrd-2.6.30.5.gz -L
and
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sda2 -o initrd-2.6.30.5.gz

gegechris99 08-25-2009 03:23 AM
Hello Chopp,

Let's try to see more clearly through your situation:

I assume that you followed instructions in README_CRYPT.TXT to create your LUKS and LVM partitions.

So you should have a filesystem configuration like this:

Code:
/dev/sda1                /boot
/dev/cryptvg/root        /
/dev/cryptvg/home        /home
with your LUKS/LVM partitions created on /dev/sda2.

Here are the steps I would recommend:

1) Boot using your installation DVD or first installation CD. At the prompt type in:

Code:
hugesmp.s root=/dev/sda2 rdinit= ro
2) Go into your /boot directory and create your initrd file:

Code:
cd /boot
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sda2 -o initrd-2.6.30.5.gz -L
Check that file /boot/initrd-2.6.30.5.gz has been created.

3) Update file /etc/lilo.conf. The entry for the 2.6.30.5 kernel should look like:

Code:
image = /boot/vmlinuz-2.6.30.5
    initrd = /boot/initrd-2.6.30.5.gz
    root = /dev/cryptvg/root
    label = 2.6.30.5
    read-only
4) Run the lilo command to make sure your changes to lilo.conf are taken into account when you reboot:

Code:
lilo
5) reboot

chopp 08-25-2009 02:33 PM
Alright problem finally solved. It was simple really. BCarey you mentioned the ext3 built in should be a module. I somehow missed that until after I had tried it. :P

The kernel config I started with was from my previous laptop which was an X31, and the new one is an X41. Not many changes in the kernel config EXCEPT the new one having a sata drive. Once it, and the ext3 were changed the initrd built like it was supposed to.

I still don't understand why the CONFIG_BLK_DEV_DM, and CONFIG_DM_CRYPT
are built in, but the file system has to be an module?

Thank you kindly everyone for the help, and my apologies for my stupidity.

chopp


All times are GMT -5. The time now is 06:55 AM.