LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   slackware-current encryption ?? (https://www.linuxquestions.org/questions/slackware-14/slackware-current-encryption-4175581192/)

dab1414 06-01-2016 10:15 AM

slackware-current encryption ??
 
So I have been playing with LUKS and LVM for the first time. I stupidly did not install the x86_64 version, so I will be redoing install later. So I did get everything to install correctly and working, following this. 2 separate drives, both encrypted except the boot partiton. My data partition (sdb1) I was able to create a keyfile, add entry into /etc/crypttab, and it works automatically when booting up.

I want to have option to have a keyfile on a usb thumb drive, and when booting that will unlock the encrypted root partition (sda2).

So far I have created a keyfile and placed on usb drive
Code:

cryptsetup luksAddKey /dev/sda /path
and verified I added the slot
Code:

cryptsetup luksDump /dev/sda
then in lilo added
Code:

append = "cryptdevice=/dev/sda2:root cryptkey=/dev/disk/by-uuid/XXXX-XXXX:vfat:cph
the X's are replaced with actual uuid, and on usb drive there is nothing on there except the keyfile that i named cph.
using the generic kernel 4.4.11 with initrd

ran lilo
when reboot it just hangs until i manually type in a passphrase. but I did notice that the usb drive gets loaded after my encrypted root.

not sure if I missed a step or maybe its just pebkac, but would like to try and figure out what I need to do to make this work.

bassmadrigal 06-01-2016 11:27 AM

What did your mkinitrd command look like? Maybe it isn't loading all the needed modules for your USB drive and has to wait until the drive is unlocked before it can access those additional modules.

dab1414 06-01-2016 11:56 AM

Quote:

Originally Posted by bassmadrigal (Post 5554060)
What did your mkinitrd command look like? Maybe it isn't loading all the needed modules for your USB drive and has to wait until the drive is unlocked before it can access those additional modules.

I dont remember exactly but i used

Code:

# /usr/share/mkinitrd/mkinitrd_command_generator.sh -r
But the result had the options for luks, lvm, and other stuff like the keyboard


Here is the, to me, odd thing, so in boot it gives me prompt for the passphrase for root partition, when I leave it alone it looks like it loaded up all remaining partions. It listed for sure my external NTFS drive and the fat32 thumb drive (that has the keyfile) both usb.

I am probably going to install the slackware64-current tonight, then i could to share logs and such. Just trying to see if there was something I might have forgot to do.

dab1414 06-02-2016 05:40 PM

So I just did some digging around, determined that what I needed was to do this in initrd not as kernel parameters in lilo. So looking in the manpage for mkinitrd is the answer: with the mkinitrd_comman_generator.sh result I added following to it
Code:

-K UUID=XXXX:XXXX:/path/to/file
ran that then lilo and reboot and all is good:o


All times are GMT -5. The time now is 09:36 AM.