slackware64 lvm/luks and mkinitrd for custom kernel

chopp · 08-24-2009, 03:20 PM

Hello all.
I'm not sure how to proceed from here with making an initrd for my custom kernel. I built ext3 fs support, DM, and also Crypt into 2.6.30.5

Code:

 CONFIG_BLK_DEV_DM=y   CONFIG_DM_CRYPT=y     CONFIG_EXT3_FS=Y

I tried to make the initrd with the following:

Code:

mkinitrd -k 2.6.30.5 -m ext3 -f ext3 -r /dev/cryptvg/root/ -C /dev/hda2 -L

My lilo.conf looks like so:

Code:

# Linux bootable partition config begins
image = /boot/vmlinuz-2.6.30.5
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = 2.6.30.5
  read-only

image = /boot/vmlinuz-generic-smp-2.6.29.6-smp
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only
# Linux bootable partition config ends

Booting errors out with a few, this being the first:

Code:

Using /lib/modules/2.6.29.6-smp/kernel/fs/mbcache.ko
mbcache: version magic '2.6.29.6-smp SMP mod_unload 686 ' should be '2.6.30.5 preempt mod_unload PENTIUM 4KSTACKS '
insmod: cannot insert '/lib/modules/2.6.29.6-smp/kernel/fs/mbcache.ko' : Invalid module format

I've also tried making seperate initrd's, with no luck also:

Code:

mkinitrd -c -k 2.6.30.5 -m ext3 -f ext3 -r crypt -C /dev/sda2 -o initrd-2.6.30.5.gz

also the contents of my /boot dir.:

Code:

root@x41:~# ls -l /boot/
total 24986
lrwxrwxrwx  1 root root      37 2009-08-22 19:41 README.initrd -> /usr/doc/mkinitrd-1.3.4/README.initrd
lrwxrwxrwx  1 root root      25 2009-08-24 05:23 System.map -> /boot/System.map-2.6.30.5
-rw-r--r--  1 root root  925305 2009-08-24 05:22 System.map-2.6.30.5
-rw-r--r--  1 root root  993960 2009-08-17 00:18 System.map-generic-2.6.29.6
-rw-r--r--  1 root root 1021936 2009-08-16 23:20 System.map-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root 1463026 2009-08-17 00:32 System.map-huge-2.6.29.6
-rw-r--r--  1 root root 1495429 2009-08-16 23:53 System.map-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root     512 2009-08-22 20:00 boot.0800
-rw-r--r--  1 root root     168 2009-08-22 20:00 boot_message.txt
lrwxrwxrwx  1 root root      28 2009-08-22 19:41 config -> config-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root   96042 2009-08-17 00:18 config-generic-2.6.29.6
-rw-r--r--  1 root root   96218 2009-08-16 23:20 config-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root   96158 2009-08-17 00:32 config-huge-2.6.29.6
-rw-r--r--  1 root root   96246 2009-08-16 23:53 config-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root    5040 2008-11-29 11:43 diag1.img
drwxr-xr-x 11 root root    1024 2009-08-23 20:12 initrd-tree/
-rw-r--r--  1 root root 2258481 2009-08-24 05:26 initrd.gz
drwx------  2 root root   12288 2009-08-22 19:38 lost+found/
-rw-------  1 root root  123392 2009-08-24 05:29 map
-rw-r--r--  1 root root   15754 2008-02-21 17:08 slack.bmp
lrwxrwxrwx  1 root root      29 2009-08-22 19:41 vmlinuz -> vmlinuz-huge-smp-2.6.29.6-smp
-rw-r--r--  1 root root 2166624 2009-08-24 05:24 vmlinuz-2.6.30.5
-rw-r--r--  1 root root 2386000 2009-08-17 00:18 vmlinuz-generic-2.6.29.6
-rw-r--r--  1 root root 2495952 2009-08-16 23:20 vmlinuz-generic-smp-2.6.29.6-smp
-rw-r--r--  1 root root 4768048 2009-08-17 00:32 vmlinuz-huge-2.6.29.6
-rw-r--r--  1 root root 4940304 2009-08-16 23:53 vmlinuz-huge-smp-2.6.29.6-smp

Where exactly am I going wrong here?

Thanks,
chopp

rob.rice · 08-24-2009, 03:27 PM

If your making a custom kernel you don't need an initrd file
just build the mobo HDD vedio controllers drivers the file system support executable format keyboard mouse
in to the kernel
a quick way to get a basic configuration is to do "make i386_defconfig"or for a 64bit kernel "make x86_64_defconfig"
you will still need to run "make menuconfig" to add file systems usb modules
and turn off kernel debugging
you might want to move every thing not needed to boot up out to modules like sound card and alsa modules

chopp · 08-24-2009, 03:40 PM

I've tried that also, which results in kernel panic. I've been using slack quite a few years, and this is my first experience with initrd's.
Before going with lvm/luks on this laptop, I would always build a custom kernel right after install.

I was under the impression that an initrd was required to unlock the luks prior to booting the kernel?

Code:

Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,1)

gegechris99 · 08-24-2009, 03:49 PM

I'm not sure what is your plan but did you read the README_CRYPT.TXT and especially the last section "Combining LUKS and LVM"?

Also, if you want to use an initrd file for both of your lilo entries, they should definitely have different names and the "initrd" line in lilo.conf should reflect that (which is not the case in your lilo.conf example)

rob.rice · 08-24-2009, 03:52 PM

Quote:

Originally Posted by chopp

I've tried that also, which results in kernel panic. I've been using slack quite a few years, and this is my first experience with initrd's.
Before going with lvm/luks on this laptop, I would always build a custom kernel right after install.

I was under the impression that an initrd was required to unlock the luks prior to booting the kernel?

Code:

Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,1)

why encrypt the whole root file system that's like running a foot race up wind with an open parachute on
all you would really need to encrypt would be is /home/username at the most and /home/username/data-to-protect at the least
check your /etc/mtab file for where the root file system is mounted and how it's mounted

chopp · 08-24-2009, 04:04 PM

I just followed README_CRYPT.TXT Combining LUKS and LVM

If encrypting just /home is a better plan, hey I'm all for it. As it stands with / also encrypted, it seems to work great. I'm not sure where the uphill with a parachute comes in. :-)

Code:

root@x41:/etc# cat /etc/mtab
/dev/cryptvg/root / ext3 rw,errors=continue,data=ordered 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/mapper/cryptvg-home /home ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0

titopoquito · 08-24-2009, 04:13 PM

Quote:

Originally Posted by rob.rice

why encrypt the whole root file system that's like running a foot race up wind with an open parachute on
all you would really need to encrypt would be is /home/username at the most and /home/username/data-to-protect at the least
check your /etc/mtab file for where the root file system is mounted and how it's mounted

[LITTLE BIT OFFTOPIC THOUGHTS]
One reason for encrypting root, or at least my reason: If you have sensible data on your computer, say a laptop, you get some stuff outside of /home: root user's bash history giving an indication what files you have opened, eventually some stuff in /tmp and eventually also in /var/spool/cups. If you try to give your documents meaningful names, sometimes that's enough info to hide it, let's say a client's name etc.

That is way too much paranoia for most people, but for some it may be needed. If a harddisk of mine is damaged I couldn't claim for warranty if it wasn't encrypted. Totally encrypted, even the file names, I don't have to care which technician gets his hands on the harddrive, they won't get any data that I'm by law obliged to keep confidential.

One other reason might be to mount several partitions with a keyfile that is saved on the root partition. That way you only have to input a keyphrase once and not for every single encrypted partition.
[/LITTLE BIT OFFTOPIC THOUGHTS]

BCarey · 08-24-2009, 04:14 PM

One problem is that you build ext3 into your kernel, which means there is no module to add to your initrd.

I would say encrypting your whole disk is more like running into the wind with an open napkin. Sure you are providing a slight amount of extra drag, but then you get to wipe your forhead, too.

Also, depending on your uses, you may find that you need to encrypt more than just /home, ie. database info, log info, etc., which may not be in /home. I find LVM on an encrypted partition to provide maximum simplicity and flexibility, and I sure did not notice a speed decrease with encrypted root disks.

Brian

chopp · 08-24-2009, 04:23 PM

BCarey,
so I have to use an initrd or no? I have decided to stick with both /, and /home encrypted. Without an initrd I got the kernel panic, and I had just removed the initrd = from lilo, and no luck there.

Thanks everyone for the help thus far.

chopp · 08-24-2009, 04:56 PM

well if nothing else, I'm now very confused. The install kernel has ext3 built into it also, and the initrd for it works great.

rob.rice · 08-24-2009, 04:58 PM

Quote:

Originally Posted by BCarey

One problem is that you build ext3 into your kernel, which means there is no module to add to your initrd.

Brian

IF the kernel already has support for ext3 why dose it matter that there is no ext3 module in the initrd file
isn't the point of the initrd file to provide modules
needed to boot the system that are not in the kernel

in slackware it looks like the initrd file is being used as
a way around building custom kernel

BCarey · 08-24-2009, 06:14 PM

Quote:

Originally Posted by chopp

BCarey,
so I have to use an initrd or no? I have decided to stick with both /, and /home encrypted. Without an initrd I got the kernel panic, and I had just removed the initrd = from lilo, and no luck there.

Thanks everyone for the help thus far.

As far as I know you need an initrd if you want this setup. Did you make sure to put /boot on a small, unencrypted partition? Your kernel panic could be due to that.

Brian

BCarey · 08-24-2009, 06:18 PM

Quote:

Originally Posted by rob.rice

IF the kernel already has support for ext3 why dose it matter that there is no ext3 module in the initrd file
isn't the point of the initrd file to provide modules
needed to boot the system that are not in the kernel

in slackware it looks like the initrd file is being used as
a way around building custom kernel

It would just try to insert the module and then let you know that it couldn't because it is not there, similar to the reported error. Probably not fatal. However, the OP seems to have another problem, why is it trying to insert modules from the wrong kernel version?

Brian

chopp · 08-24-2009, 06:19 PM

yes I have /boot on a separate unencrypted partition.

Code:

root@x41:/etc# cat /etc/mtab
/dev/cryptvg/root / ext3 rw,errors=continue,data=ordered 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/mapper/cryptvg-home /home ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0

BCarey · 08-24-2009, 06:35 PM

In your lilo.conf you have both kernel versions pointing to the same initrd.gz. This cannot be right.

Brian