LinuxQuestions.org
Old 01-31-2006, 02:00 AM   #1
ankscorek
Member
 
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529

Rep: Reputation: 31
encrypted root fs


I have done everything successfully that is required to create an encrypted file system.

My lilo.conf:


# Partition 1: Linux GUI mode
image = /boot/vmlinuz
root = /dev/hdb1
label = linux
append = ""
read-only

# Partition 2: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/hdb1
label = 2.6.12
append = ""
read-only
# Partition 3: Linux
image = /boot/tamu/vmlinuz-slackware-hda1
root = /dev/hda1
label = slackware-hda1
read-only

# Partition 4: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/ram0
#init=/linuxrc
initrd=/boot/myinitrd
label = vector-hdb5
read-only


Partition 4 is my encrypted partition. When I do this
#lilo
I get no error.

When I try to boot into this crypted fs I get a kernel panic saying that no init found.

The corresponding grub entry is as under:


default 0
timeout 5
splashimage=(hd0,0)/grub/splash.xpm.gz

title=Linux (2.6.11)
root (hd0,0)
kernel (hd0,0)/bzImage-2.6.11 root=/dev/ram0 rw init=/linuxrc
initrd (hd0,0)/myinitrd

Please help.

And yes, I forgot, here is the output of


#lilo -v


LILO version 22.5.9, Copyright (C) 1992-1998 Werner Almesberger
Development beyond version 21 Copyright (C) 1999-2004 John Coffman
Released 08-Apr-2004 and compiled at 00:18:50 on May 21 2004.

Warning: LBA32 addressing assumed
Reading boot sector from /dev/hda
Warning: Kernel & BIOS return differing head/sector geometries for device 0x80
Kernel: 38792 cylinders, 16 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Warning: Kernel & BIOS return differing head/sector geometries for device 0x81
Kernel: 16383 cylinders, 255 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Using BITMAP secondary loader
Calling map_insert_data
Warning: The boot sector and map file are on different disks.
Mapping bitmap file /boot/bitmap/boot.bmp -> boot-shine256.bmp
Calling map_insert_file

Boot image: /boot/vmlinuz -> vmlinuz-scsi-2.4.29
Added linux *

Boot image: /boot/vmlinuz-2.6.12
Added 2.6.12

Boot image: /boot/tamu/vmlinuz-slackware-hda1
Added slackware-hda1

Boot image: /boot/vmlinuz-2.6.12
Mapping RAM disk /boot/myinitrd
Added vector-hdb5

Writing boot sector.
/boot/boot.0300 exists - no boot sector backup copy made.

 
Old 02-01-2006, 08:14 PM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Quote:
#init=/linuxrc
Because you hashed out the init= line.

When booting an initrd, you need to pass init=/path/to/de-crypt-script to the kernel. Usually people name this /linuxrc.
 
Old 02-03-2006, 01:10 AM   #3
ankscorek
Member
 
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529

Original Poster
Rep: Reputation: 31
When I had not hashed it out it was not recognising the init line.

After I hashed it out it gave me the above o/p.
 
Old 02-03-2006, 01:09 PM   #4
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Is the initrd path correct?
Does the initrd filesystem contain a linuxrc script?
Is the linuxrc script executable?
 
Old 02-03-2006, 10:50 PM   #5
ankscorek
Member
 
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529

Original Poster
Rep: Reputation: 31
Here is the linuxrc file:

#chown -x /linuxrc

#!/bin/sh
export PATH=/bin:/sbin

# Get cmdline from proc
mount -t proc proc /proc
CMDLINE=`cat /proc/cmdline`
# Create /dev/mapper/control nod for udev systems
sh devmap_mknod.sh
umount /proc

# Mount real root and change to it
sleep 1
cryptsetup -y luksOpen /dev/hdb5 root
while test $? -ne 0; do
cryptsetup -y luksOpen /dev/hdb5 root;
done
# If you use JFS, check the filesystem before mounting to make sure it's clean.
# If it's not clean, mounting will fail.
# fsck.jfs /dev/mapper/root
mount /dev/mapper/root /new
cd /new
mkdir initrd
pivot_root . initrd

# Start init and flush ram device
exec chroot . /bin/sh <<- EOF >/dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF
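
The checks asked for in post #4, written out as an added example (not part of any post in this thread): it tests that the init script exists in the initrd, is executable, that its `#!` interpreter is inside the initrd too, and that the tools the script calls are in /bin or /sbin. It assumes the initrd has already been unpacked or loop-mounted at a directory; `check_initrd` is a hypothetical helper name and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. check_initrd TREE INIT [TOOL...]
# Prints one line per problem and returns the number of problems (0 = ok).
check_initrd() {
    tree=$1; init=$2; shift 2
    problems=0
    if [ ! -f "$tree$init" ]; then
        echo "missing: $init"; problems=$((problems + 1))
    else
        # The kernel cannot exec the script without an execute bit.
        [ -x "$tree$init" ] || { echo "not executable: $init"; problems=$((problems + 1)); }
        # A script also needs its interpreter inside the initrd.
        # (An absolute symlink such as /bin/sh -> /bin/busybox is resolved
        # against the host here, so check those by hand.)
        first=$(head -n 1 "$tree$init")
        case $first in
            '#!'*)
                interp=$(printf '%s\n' "$first" |
                         sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
                [ -x "$tree$interp" ] ||
                    { echo "interpreter missing: $interp"; problems=$((problems + 1)); }
                ;;
        esac
    fi
    # Tools the script calls, looked up the way PATH=/bin:/sbin would.
    for tool in "$@"; do
        if [ ! -x "$tree/bin/$tool" ] && [ ! -x "$tree/sbin/$tool" ]; then
            echo "tool missing: $tool"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample tree: linuxrc present but mode 644, no cryptsetup binary.
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/sbin"
printf '#!/bin/sh\n' > "$demo/bin/sh"; chmod 755 "$demo/bin/sh"   # stand-in shell
printf '#!/bin/sh\necho unlocking\n' > "$demo/linuxrc"; chmod 644 "$demo/linuxrc"
check_initrd "$demo" /linuxrc cryptsetup pivot_root || echo "problems found: $?"
rm -rf "$demo"
```

For the linuxrc posted above, the tool list would be cryptsetup, mount, umount, pivot_root, chroot, blockdev, sleep and cat.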
 
  

