Hacking the initrd for encrypted partitions
I am trying to set up my laptop to have encrypted root and swap partitions. What I would like to do is have the boot process pause and prompt for the passphrase to unlock the swap and root partitions before attempting to mount. Although this sounds complicated, the majority of it isn't. Using cryptsetup with LUKS it is easy to encrypt a partition and establish a passphrase that unlocks the partition and thus creates a virtual device in /dev/mapper. Then I use mkinitrd to create a basic initrd with all the kernel modules required for this setup to work in the boot process.

The problem lies in hacking the initrd. Fedora has moved to using nash as its boot "almost shell", which has some very useful built-in commands, such as switchroot. But it will not stop for a prompt and blows right past cryptsetup when it asks for a passphrase. I've attempted to work around it by adding busybox and its built-in shell msh (or ash, if you compile it yourself with that option) and wrote a small script to call cryptsetup, but even then the initrd does not stop for user input. I've reversed it and written an init that is an msh script which, towards its end, calls a nash script to run switchroot, but, because it is not init and thus does not have a PID of 1, it fails to mount root and launch init, although everything else works, including the prompt.

I am trying to avoid using pivot_root or klibc's run_init, as I'd like to stay as close to a standard Fedora boot process as possible. I have seen reference to other people who have managed to get this to work for them, but I have not received a reply to my emails. Can anyone make a suggestion?
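The following is an added example of the init script described above, not code from the original post. It assumes a busybox shell, cryptsetup and nash are copied into the initrd, that the script itself is what the kernel starts as PID 1 (for example as /init), and that the device names ROOT_DEV and SWAP_DEV are placeholders for the laptop's real partitions. The nash invocation at the end and the nash mount syntax are assumptions modelled on a stock mkinitrd init. The point it demonstrates is the PID 1 problem from the post: the shell script must be init itself, and it must `exec` nash rather than run it as a child, so that switchroot still executes with PID 1.

```shell
#!/bin/sh
# Constructed example /init for an initrd with a LUKS root and swap.
# Assumptions: busybox sh, cryptsetup and nash exist inside the initrd,
# and the kernel starts this file as PID 1. Device names are placeholders.

ROOT_DEV=/dev/hda2        # placeholder: LUKS container holding root
SWAP_DEV=/dev/hda3        # placeholder: LUKS container holding swap
MAX_TRIES=3

# Open one LUKS container, letting cryptsetup prompt on the console.
# $1 = encrypted device, $2 = name to create under /dev/mapper.
# Returns 0 on success, 1 after MAX_TRIES failed passphrases.
unlock_luks() {
    dev=$1; name=$2; try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        echo "Unlocking $dev as /dev/mapper/$name (attempt $try/$MAX_TRIES)"
        if cryptsetup luksOpen "$dev" "$name"; then
            return 0
        fi
        try=$((try + 1))
    done
    return 1
}

# Write the nash script that finishes the boot. Its syntax follows the
# stock mkinitrd init (assumption); nash is only used for mount/switchroot.
# $1 = path to write.
write_nash_script() {
    cat > "$1" <<'EOF'
mount -o defaults --ro -t ext3 /dev/mapper/root /sysroot
echo Switching to new root
switchroot /sysroot
EOF
}

# The actual boot sequence; only run when this shell really is PID 1.
boot_sequence() {
    mount -t proc proc /proc
    mount -t sysfs sysfs /sys
    # Attach stdin/stdout to the console so cryptsetup's prompt is shown
    # and its read of the passphrase blocks waiting for the user.
    exec </dev/console >/dev/console 2>&1

    unlock_luks "$ROOT_DEV" root || { echo "Cannot unlock root, dropping to shell"; exec sh; }
    unlock_luks "$SWAP_DEV" swap || echo "Swap stays locked; continuing without it"

    write_nash_script /switch.nash
    # exec replaces this shell with nash instead of forking a child, so nash
    # inherits PID 1 and switchroot can mount root and hand off to real init.
    exec nash /switch.nash
}

# Guard: act as init only when running as PID 1, so the functions above can
# be sourced and exercised elsewhere without touching /proc or the console.
if [ "$$" -eq 1 ]; then
    boot_sequence
fi
```

If cryptsetup keeps failing, the script drops to an interactive shell rather than leaving the machine silently wedged, which is usually what you want on a laptop you are standing in front of.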