slackware64 lvm/luks and mkinitrd for custom kernel
Hello all.
I'm not sure how to proceed from here with making an initrd for my custom kernel. I built ext3 fs support, DM, and also Crypt into 2.6.30.5
Code:
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_EXT3_FS=Y
Code:
mkinitrd -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root/ -C /dev/hda2 -L
Code:
# Linux bootable partition config begins
Code:
Using /lib/modules/2.6.29.6-smp/kernel/fs/mbcache.ko
Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz
Code:
root@x41:~# ls -l /boot/
Thanks, chopp |
If you're making a custom kernel you don't need an initrd file.
Just build the mobo, HDD, video controllers drivers, the file system support, executable format, keyboard, mouse into the kernel. A quick way to get a basic configuration is to do "make i386_defconfig" or, for a 64-bit kernel, "make x86_64_defconfig". You will still need to run "make menuconfig" to add file systems, USB modules, and turn off kernel debugging. You might want to move everything not needed to boot up out to modules, like sound card and ALSA modules. |
I've tried that also, which results in kernel panic. I've been using slack quite a few years, and this is my first experience with initrd's.
Before going with lvm/luks on this laptop, I would always build a custom kernel right after install. I was under the impression that an initrd was required to unlock the luks prior to booting the kernel?
Code:
Please append a correct "root=" boot option; here are the available partitions:
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,1) |
I'm not sure what is your plan but did you read the README_CRYPT.TXT and especially the last section "Combining LUKS and LVM"?
Also, if you want to use an initrd file for both of your lilo entries, they should definitely have different names and the "initrd" line in lilo.conf should reflect that (which is not the case in your lilo.conf example) |
Quote:
All you would really need to encrypt would be /home/username at the most and /home/username/data-to-protect at the least. Check your /etc/mtab file for where the root file system is mounted and how it's mounted. |
I just followed README_CRYPT.TXT Combining LUKS and LVM
If encrypting just /home is a better plan, hey I'm all for it. As it stands with / also encrypted, it seems to work great. I'm not sure where the uphill with a parachute comes in. :-)
Code:
root@x41:/etc# cat /etc/mtab |
Quote:
One reason for encrypting root, or at least my reason: If you have sensible data on your computer, say a laptop, you get some stuff outside of /home: root user's bash history giving an indication what files you have opened, eventually some stuff in /tmp and eventually also in /var/spool/cups. If you try to give your documents meaningful names, sometimes that's enough info to hide it, let's say a client's name etc. That is way too much paranoia for most people, but for some it may be needed. If a harddisk of mine is damaged I couldn't claim for warranty if it wasn't encrypted. Totally encrypted, even the file names, I don't have to care which technician gets his hands on the harddrive, they won't get any data that I'm by law obliged to keep confidential. One other reason might be to mount several partitions with a keyfile that is saved on the root partition. That way you only have to input a keyphrase once and not for every single encrypted partition. [/LITTLE BIT OFFTOPIC THOUGHTS] |
One problem is that you build ext3 into your kernel, which means there is no module to add to your initrd.
I would say encrypting your whole disk is more like running into the wind with an open napkin. Sure you are providing a slight amount of extra drag, but then you get to wipe your forehead, too. Also, depending on your uses, you may find that you need to encrypt more than just /home, i.e. database info, log info, etc., which may not be in /home. I find LVM on an encrypted partition to provide maximum simplicity and flexibility, and I sure did not notice a speed decrease with encrypted root disks. Brian |
BCarey,
so I have to use an initrd or no? I have decided to stick with both /, and /home encrypted. Without an initrd I got the kernel panic, and I had just removed the initrd = from lilo, and no luck there. Thanks everyone for the help thus far. |
well if nothing else, I'm now very confused. The install kernel has ext3 built into it also, and the initrd for it works great.
|
Quote:
Isn't the point of the initrd file to provide modules needed to boot the system that are not in the kernel? In Slackware it looks like the initrd file is being used as a way around building a custom kernel. |
Quote:
Brian |
Quote:
Brian |
yes I have /boot on a separate unencrypted partition.
Code:
root@x41:/etc# cat /etc/mtab |
In your lilo.conf you have both kernel versions pointing to the same initrd.gz. This cannot be right.
Brian |
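Added example, not part of any post in this thread: a shell check for the lilo.conf mistake pointed out above, where two image stanzas name the same initrd file. The function name shared_initrds and the sample lilo.conf are constructed for illustration; the check also covers a global initrd= line inherited by every image, which goes beyond the case in the thread.

```shell
#!/bin/sh
# List initrd files that more than one image= stanza of a lilo.conf would load.
shared_initrds() {
    awk '
        function val(s) {   # text after "=", without surrounding blanks or quotes
            sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); gsub(/"/, "", s)
            return s
        }
        function flush(   rd) {   # record the initrd of the stanza just finished
            if (img == "") return
            rd = (own != "" ? own : glob)   # no initrd of its own: global one applies
            if (rd == "") return
            if (n[rd]++) users[rd] = users[rd] ", " img
            else users[rd] = img
        }
        { sub(/#.*/, "") }   # drop comments
        /^[ \t]*image[ \t]*=/  { flush(); img = val($0); own = ""; st = 1; next }
        /^[ \t]*other[ \t]*=/  { flush(); img = ""; own = ""; st = 1; next }
        /^[ \t]*initrd[ \t]*=/ {
            if (!st) glob = val($0)              # global section, before any stanza
            else if (img != "") own = val($0)    # per-image setting
        }
        END {
            flush()
            for (rd in n) if (n[rd] > 1) print rd ": " users[rd]
        }
    ' "$1"
}

# Constructed sample: stock kernel and custom kernel both name /boot/initrd.gz.
sample=$(mktemp)
cat > "$sample" <<'EOF'
boot = /dev/sda
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only
image = /boot/vmlinuz-2.6.30.5
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Custom
  read-only
EOF
shared_initrds "$sample"
rm -f "$sample"
```

An empty result means every image stanza has its own initrd; run lilo again after changing lilo.conf so the new initrd paths take effect.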
in
Quote:
Brian |
Well I also tried with a separate initrd with these results:
Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz -L |
I also just tried this without any luck:
Code:
mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sda2 -o initrd-2.6.30.5.gz -L |
Hello Chopp,
Let's try to see more clearly through your situation: I assume that you followed instructions in README_CRYPT.TXT to create your LUKS and LVM partitions. So you should have a filesystem configuration like this:
Code:
/dev/sda1 /boot
Here are the steps I would recommend:
1) Boot using your installation DVD or first installation CD. At the prompt type in:
Code:
hugesmp.s root=/dev/sda2 rdinit= ro
Code:
cd /boot
3) Update file /etc/lilo.conf. The entry for the 2.6.30.5 kernel should look like:
Code:
image = /boot/vmlinuz-2.6.30.5
Code:
lilo |
Alright problem finally solved. It was simple really. BCarey you mentioned the ext3 built in should be a module. I somehow missed that until after I had tried it. :P
The kernel config I started with was from my previous laptop which was an X31, and the new one is an X41. Not many changes in the kernel config EXCEPT the new one having a SATA drive. Once it, and the ext3 were changed the initrd built like it was supposed to. I still don't understand why the CONFIG_BLK_DEV_DM, and CONFIG_DM_CRYPT are built in, but the file system has to be a module? Thank you kindly everyone for the help, and my apologies for my stupidity. chopp |