
Re: User's guide to partman-crypto



On Sunday 02 July 2006 16:58, Miroslav Kure wrote:
> Meanwhile I also wrote a foundation for new section for boot-new.xml
> (our RM complained it is too empty ;-) which talks about issues with
> mounting encrypted volumes when booting the system. This one is
> attached both as a docbook source and a html page, because the source
> is a bit wild.

Here's a review based on the HTML file.

> 7.2. Mounting encrypted volumes
> 
> If you created encrypted volumes during the installation and assigned
> them mount points, you will be asked to enter appropriate passphrases for
> these volumes during the boot. The actual procedure slightly differs
> between dm-crypt and loop-AES.

General point:
You use "encrypted volumes" here. Would "encrypted filesystems" maybe be 
easier to understand for readers?

s/appropriate passphrases for these volumes/
  the passphrase for each of these volumes/
s/slightly differs/differs slightly/

> 7.2.1. loop-AES
> 
> For partitions encrypted via loop-AES you will be shown the following
> prompt during the boot:  
> 
> mount: going to use loop device /dev/loopX
> Password:
> 
> where X is some number. You are now probably asking yourself which
> volume are you actually entering the passphrase for. Does is relate to

IMO better:
"In the first line of the prompt, X is the number of the loop device."

s/asking yourself which/wondering for which/
s/are you/you are/
s/ for. Does is/. Does it/

> your /home? Or to the /var? This is where the notes you wrote down as

s:the /var:/var:

> the last step in Section 6.3.2.4, “Configuring Encrypted Volumes” come
> handy. If you did not note the mapping between loopX and the mount point
> before, you can still find it in /etc/fstab of your new system.

s/come handy/come in handy/
s/not note/not make a note of/
s/mount point/mount points/


> Of course, if you have just one encrypted volume, you do not need to
> bother and can enter the passphrase right away. 

Maybe this could be moved up a bit: just after "You are now probably 
wondering..."
It could then be:
"Of course, if you have just one encrypted volume, this is easy and you 
can just enter the passphrase you used when setting up this volume."

Followed by:
"If you set up more than one encrypted volume during the installation, the 
notes you wrote down ..."

> No characters (even asterisk) will be shown while entering the
> passphrase.          

s/asterisk/asterisks/
Seems more logical to combine this with the next para.

> Be careful, you have only one try. If you enter wrong passphrase, an
> error message will appear and mounting will continue with another
> volume. Please see Section 7.2.3, “Troubleshooting” below for further
> information.    

s/and mounting .../and the boot process will skip that volume and continue 
to mount the next filesystem./
s/below//

> After entering all passphrases the boot should continue as usual. 
> 
> 7.2.2. dm-crypt
> 
> TODO: write something once it works. 
> 
> 7.2.3. Troubleshooting
> 
> * If some of the encrypted volumes could not be mounted due to the wrong
> passphrase, you will have to mount them after the boot. There are
> several cases.   

s/due to the wrong passphrase/because a wrong passphrase was entered/
s/them/them manually/

Should the case for / be listed first?

> The easiest case is with encrypted volumes holding data like /home
> or /srv. You can simply mount them manually after the boot. For loop-AES
> this is one-step operation:   

s/is with/is for/
 
> # mount /mount_point
> Password:
> 
> where /mount_point should be replaced by the particular directory
> (e.g. /home). The only difference from ordinary mount is that you will
> be asked to enter the passphrase for this volume.   

s/ordinary/an ordinary/
 
> dm-crypt is a bit trickier. First you need to register the volumes with
> device mapper by running:  

s/dm-crypt is a bit trickier./For dm-crypt this is a bit trickier./

> # /etc/init.d/cryptdisks start
> 
> This will scan all volumes mentioned in /etc/crypttab and will create
> appropriate devices under the /dev directory after entering the correct
> passphrases. (Already registered volumes will be skipped, so you can
> repeat this command several times without worrying.) After successful
> registration you can simply mount the volumes the usual way:     
> 
> # mount /mount_point
> 
> * If the volumes holding noncritical system files could not be mounted
> (/usr or /var), the system should still boot and you should be able to
> mount the volumes manually like in the previous case. Moreover you will  
> also need to (re)start services usually running in your default
> runlevel, because it is very likely that they were not started. The

s/Moreover/However,/
s/services/any services/
s/, because/ because/

> easiest way to achieve this is by switching to the first runlevel and
> back by entering     

> # init 1
> 
> at the shell prompt and pressing Control-D when asked for the root
> password.  
> 
> * The last case concerns the root partition. When it is not mounted
> correctly, the boot process will halt and you will have to restart the
> computer to try again.  

s/restart/reboot/
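
Added example (not part of the original message or of the reviewed draft): the quoted section tells readers to look in /etc/fstab to find which mount point belongs to the loopX named in the passphrase prompt. The sketch below does that lookup, assuming loop-AES style mount options (loop=/dev/loopN together with encryption=...) in the fourth fstab field; the function names and the sample fstab, including its gpgkey paths, are constructed for illustration.

```shell
#!/bin/sh
# List "loop-device mount-point backing-device" for every fstab entry that
# carries both loop= and encryption= options (assumed loop-AES layout).
loop_mounts() {
    fstab="${1:-/etc/fstab}"
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            n = split($4, opts, ",")
            dev = ""; enc = 0
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^loop=/)       dev = substr(opts[i], 6)
                if (opts[i] ~ /^encryption=/) enc = 1
            }
            # A plain loop mount without encryption= never prompts, so skip it.
            if (dev != "" && enc) print dev, $2, $1
        }
    ' "$fstab" | sort
}

# Print the mount point for one loop device, e.g. the loopX shown at boot.
mount_point_for() {
    loop_mounts "$2" | awk -v d="$1" '$1 == d { print $2 }'
}

# Constructed sample fstab (hypothetical devices and key file paths).
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hda1  /      ext3  defaults  0 1
/dev/hda5  /home  ext3  defaults,loop=/dev/loop1,encryption=AES256,gpgkey=/etc/keys/home.gpg  0 0
/dev/hda6  /var   ext3  defaults,loop=/dev/loop0,encryption=AES256,gpgkey=/etc/keys/var.gpg  0 0
/dev/hda7  none   swap  sw  0 0
/srv/cd.iso  /mnt/iso  iso9660  ro,loop=/dev/loop5  0 0
EOF
}

# Demo on the constructed sample; pass /etc/fstab to use the real file.
tmp=$(mktemp) && sample_fstab > "$tmp"
loop_mounts "$tmp"
rm -f "$tmp"
```

On an installed system, `mount_point_for /dev/loop1 /etc/fstab` answers the "which volume is this prompt for" question directly.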
